Advisory Details

September 16th, 2015

CODESYS Gateway Server Opcode 0x3ef Heap Buffer Overflow Remote Code Execution Vulnerability

ZDI-15-441
ZDI-CAN-2785

CVE ID CVE-2015-6460
CVSS SCORE 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
AFFECTED VENDORS Codesys
AFFECTED PRODUCTS Gateway Server
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 19577. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CODESYS Gateway Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of the 0x3ef opcode. An attacker can send a large buffer of data to the server which will cause a heap buffer overflow. An attacker can leverage this vulnerability to execute code under the context of the process.

VENDOR RESPONSE Codesys has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02
DISCLOSURE TIMELINE
  • 2015-03-06 - Vulnerability reported to vendor
  • 2015-09-16 - Coordinated public release of advisory
CREDIT Josep Pi Rodriguez
BACK TO ADVISORIES