CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
BID:58032
Info
CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
| Bugtraq ID: | 58032 |
| Class: | Unknown |
| CVE: |
CVE-2012-4704 CVE-2012-4706 CVE-2012-4707 CVE-2012-4708 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | Mar 19 2015 08:12AM |
| Credit: | Aaron Portnoy of Exodus Intelligence |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
CoDeSys is prone to multiple remote code-execution vulnerabilities.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
CoDeSys 2.3.9.27 is vulnerable; other versions may also be affected.
Note: This BID was previously titled "CoDeSys Gateway Server Multiple Security Vulnerabilities", but the issue (described by CVE-2012-4705) has been moved to BID 59446 (CoDeSys Gateway Server CVE-2012-4705 Directory Traversal Vulnerability) to better document it.
CoDeSys is prone to multiple remote code-execution vulnerabilities.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
CoDeSys 2.3.9.27 is vulnerable; other versions may also be affected.
Note: This BID was previously titled "CoDeSys Gateway Server Multiple Security Vulnerabilities", but the issue (described by CVE-2012-4705) has been moved to BID 59446 (CoDeSys Gateway Server CVE-2012-4705 Directory Traversal Vulnerability) to better document it.
Exploit / POC
CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
CoDeSys Gateway Server Multiple Remote Code Execution Vulnerabilities
References:
References:
- CoDeSys Homepage (3S - Smart Software Solutions)