3S Smart Software Solutions
Products
6- 10 CVEs
- 8 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
21| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6069 | Cri | 0.65 | 10.0 | 0.03 | Jan 21, 2013 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the … | ||
| CVE-2018-5440 | Cri | 0.64 | 9.8 | 0.03 | Feb 15, 2018 | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted… | ||
| CVE-2017-6027 | Cri | 0.64 | 9.8 | 0.03 | May 19, 2017 | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A… | ||
| CVE-2017-6025 | Cri | 0.64 | 9.8 | 0.02 | May 19, 2017 | A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious… | ||
| CVE-2012-6068 | Cri | 0.64 | 9.8 | 0.05 | Jan 21, 2013 | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. | ||
| CVE-2012-4705 | 0.08 | — | 0.66 | Feb 24, 2013 | Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | |||
| CVE-2012-4708 | 0.01 | — | 0.07 | Feb 24, 2013 | Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | |||
| CVE-2021-30186 | 0.00 | — | 0.07 | May 25, 2021 | CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | |||
| CVE-2019-13538 | 0.00 | — | 0.01 | Sep 17, 2019 | 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also… | |||
| CVE-2019-13542 | 0.00 | — | 0.01 | Sep 17, 2019 | 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. | |||
| CVE-2018-10612 | 0.00 | — | 0.01 | Jan 29, 2019 | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | |||
| CVE-2015-6484 | 0.00 | — | 0.02 | Oct 25, 2015 | 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. | |||
| CVE-2015-6482 | 0.00 | — | 0.02 | Oct 18, 2015 | Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | |||
| CVE-2015-6460 | 0.00 | — | 0.06 | Sep 18, 2015 | Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. | |||
| CVE-2014-0769 | 0.00 | — | 0.02 | Apr 25, 2014 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug… | |||
| CVE-2014-0760 | 0.00 | — | 0.03 | Apr 25, 2014 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service… | |||
| CVE-2014-0757 | 0.00 | — | 0.03 | Jan 31, 2014 | Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||
| CVE-2013-2781 | 0.00 | — | 0.04 | May 23, 2013 | Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-4707 | 0.00 | — | 0.04 | Feb 24, 2013 | 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. | |||
| CVE-2012-4706 | 0.00 | — | 0.02 | Feb 24, 2013 | Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. |
- risk 0.65cvss 10.0epss 0.03
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the …
- risk 0.64cvss 9.8epss 0.03
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted…
- risk 0.64cvss 9.8epss 0.03
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A…
- risk 0.64cvss 9.8epss 0.02
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious…
- risk 0.64cvss 9.8epss 0.05
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
- CVE-2012-4705Feb 24, 2013risk 0.08cvss —epss 0.66
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
- CVE-2012-4708Feb 24, 2013risk 0.01cvss —epss 0.07
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
- CVE-2021-30186May 25, 2021risk 0.00cvss —epss 0.07
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
- CVE-2019-13538Sep 17, 2019risk 0.00cvss —epss 0.01
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also…
- CVE-2019-13542Sep 17, 2019risk 0.00cvss —epss 0.01
3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.
- CVE-2018-10612Jan 29, 2019risk 0.00cvss —epss 0.01
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
- CVE-2015-6484Oct 25, 2015risk 0.00cvss —epss 0.02
3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request.
- CVE-2015-6482Oct 18, 2015risk 0.00cvss —epss 0.02
Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.
- CVE-2015-6460Sep 18, 2015risk 0.00cvss —epss 0.06
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.
- CVE-2014-0769Apr 25, 2014risk 0.00cvss —epss 0.02
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug…
- CVE-2014-0760Apr 25, 2014risk 0.00cvss —epss 0.03
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service…
- CVE-2014-0757Jan 31, 2014risk 0.00cvss —epss 0.03
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
- CVE-2013-2781May 23, 2013risk 0.00cvss —epss 0.04
Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
- CVE-2012-4707Feb 24, 2013risk 0.00cvss —epss 0.04
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
- CVE-2012-4706Feb 24, 2013risk 0.00cvss —epss 0.02
Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow.