3s-software 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、バッファオーバーフロー、vendor risk memory corruption, and vendor risk input validation があり、vendor surface production workloads の利用場面で vendor impact memory corruption、ファイル上書き, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2018-5440 | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server. | [email protected] | 9.8 | 1.31% | 2018-02-15 | 2024-11-21 |
| CVE-2015-6482 | Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | [email protected] | 5.0 | 0.44% | 2015-10-18 | 2026-05-06 |
| CVE-2014-0769 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | [email protected] | 9.3 | 0.56% | 2014-04-25 | 2026-05-06 |
| CVE-2014-0760 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | [email protected] | 9.3 | 3.43% | 2014-04-25 | 2026-05-06 |
| CVE-2014-0757 | Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | [email protected] | 7.1 | 1.97% | 2014-01-31 | 2026-04-29 |
| CVE-2013-2781 | Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | [email protected] | 10.0 | 3.40% | 2013-05-23 | 2026-04-29 |
| CVE-2012-4708 | Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | [email protected] | 10.0 | 7.47% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4707 | 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. | [email protected] | 10.0 | 6.71% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4706 | Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. | [email protected] | 7.8 | 0.61% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4705 | Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | [email protected] | 10.0 | 70.39% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4704 | Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | [email protected] | 10.0 | 12.08% | 2013-02-24 | 2026-04-29 |
| CVE-2012-6069 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device. | [email protected] | 10.0 | 2.23% | 2013-01-21 | 2026-04-29 |
| CVE-2012-6068 | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. | [email protected] | 9.8 | 4.38% | 2013-01-21 | 2026-04-29 |