CVE-2012-4704

critical

Published 2013-02-24 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
3s-software	codesys_gateway-server	`{"endIncluding":"2.3.9.20"}`
3s-software	codesys_gateway-server	`2.3.5.1`
3s-software	codesys_gateway-server	`2.3.5.2`
3s-software	codesys_gateway-server	`2.3.5.3`
3s-software	codesys_gateway-server	`2.3.6.0`
3s-software	codesys_gateway-server	`2.3.7.0`
3s-software	codesys_gateway-server	`2.3.8.0`
3s-software	codesys_gateway-server	`2.3.8.1`
3s-software	codesys_gateway-server	`2.3.8.2`
3s-software	codesys_gateway-server	`2.3.9`
3s-software	codesys_gateway-server	`2.3.9.1`
3s-software	codesys_gateway-server	`2.3.9.2`
3s-software	codesys_gateway-server	`2.3.9.3`
3s-software	codesys_gateway-server	`2.3.9.4`
3s-software	codesys_gateway-server	`2.3.9.5`
3s-software	codesys_gateway-server	`2.3.9.18`
3s-software	codesys_gateway-server	`2.3.9.19`

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.