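A summary of CVE and security vulnerability intelligence for all products associated with 3s-software, including CVSS, EPSS, publication dates and vulnerability intelligence data.
Common weakness patterns include path-handling flaws, buffer overflows, memory corruption and input validation issues, which in production workload and software deployment scenarios can lead to risks such as memory corruption, file overwrites and abnormal behaviour.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patch prioritisation.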
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-5440 | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server. | [email protected] | 9.8 | 1.31% | 2018-02-15 | 2024-11-21 |
| CVE-2015-6482 | Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | [email protected] | 5.0 | 0.44% | 2015-10-18 | 2026-05-06 |
| CVE-2014-0769 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | [email protected] | 9.3 | 0.56% | 2014-04-25 | 2026-05-06 |
| CVE-2014-0760 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | [email protected] | 9.3 | 3.43% | 2014-04-25 | 2026-05-06 |
| CVE-2014-0757 | Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | [email protected] | 7.1 | 1.97% | 2014-01-31 | 2026-04-29 |
| CVE-2013-2781 | Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | [email protected] | 10.0 | 3.40% | 2013-05-23 | 2026-04-29 |
| CVE-2012-4708 | Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | [email protected] | 10.0 | 7.47% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4707 | 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access. | [email protected] | 10.0 | 6.71% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4706 | Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to cause a denial of service via a crafted packet that triggers a heap-based buffer overflow. | [email protected] | 7.8 | 0.61% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4705 | Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | [email protected] | 10.0 | 70.39% | 2013-02-24 | 2026-04-29 |
| CVE-2012-4704 | Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | [email protected] | 10.0 | 12.08% | 2013-02-24 | 2026-04-29 |
| CVE-2012-6069 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device. | [email protected] | 10.0 | 2.23% | 2013-01-21 | 2026-04-29 |
| CVE-2012-6068 | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. | [email protected] | 9.8 | 4.38% | 2013-01-21 | 2026-04-29 |