CVE-2015-6460

3S-Smart CODESYS Gateway Server < 2.3.9.34 - Remote Code Execution via Opcode 0x3ef or 0x3f0

Title source: llm
STIX 2.1

Description

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-15-442/
Third Party Advisory, VDB Entry x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-15-441/
Third Party Advisory, US Government Resource x_refsource_confirm
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02

Scores

EPSS 0.0621
EPSS Percentile 92.7%

Details

CWE
CWE-119
Status published
Products (2)
3s-smart/codesys_gateway_server < 2.3.9.34
CODESYS/3S-Smart CODESYS Gateway Server V2 - 2.3.9.34
Published Sep 18, 2015
Tracked Since Feb 18, 2026