CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.0%
The remote host is running a version of CoDeSys Gateway Service prior to version 2.3.9.27. It is, therefore, affected by the following vulnerabilities:
Two unspecified memory range/bounds checking flaws exist that can be triggered by a specially crafted packet sent to the Gateway service on port 1211. (CVE-2012-4704, CVE-2012-4707)
An unspecified directory traversal vulnerability exists that can be used to access arbitrary files on the remote host. This flaw could be exploited by sending a specially crafted packet to the Gateway service on port 1211. (CVE-2012-4705)
An unspecified heap overflow (leading to a denial of service condition or possible arbitrary code execution) vulnerability exists that can be triggered by sending a specially crafted packet to the Gateway service on port 1211. (CVE-2012-4706)
An unspecified stack overflow (leading to a denial of service condition or possible arbitrary code execution) vulnerability exists that can be triggered by sending a specially crafted packet to the Gateway service on port 1211. (CVE-2012-4708)
Binary data scada_codesys_gateway_2_3_9_27.nbin