CVE-2012-4707
critical
CVSS v3: —
CVSS v2: 10.0
VIR risk: 10.0
Description
3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| 3s-software | codesys_gateway-server | up to and including 2.3.9.19 | |
| 3s-software | codesys_gateway-server | 2.3.5.1 | |
| 3s-software | codesys_gateway-server | 2.3.5.2 | |
| 3s-software | codesys_gateway-server | 2.3.5.3 | |
| 3s-software | codesys_gateway-server | 2.3.6.0 | |
| 3s-software | codesys_gateway-server | 2.3.7.0 | |
| 3s-software | codesys_gateway-server | 2.3.8.0 | |
| 3s-software | codesys_gateway-server | 2.3.8.1 | |
| 3s-software | codesys_gateway-server | 2.3.8.2 | |
| 3s-software | codesys_gateway-server | 2.3.9 | |
| 3s-software | codesys_gateway-server | 2.3.9.1 | |
| 3s-software | codesys_gateway-server | 2.3.9.2 | |
| 3s-software | codesys_gateway-server | 2.3.9.3 | |
| 3s-software | codesys_gateway-server | 2.3.9.4 | |
| 3s-software | codesys_gateway-server | 2.3.9.5 | |
| 3s-software | codesys_gateway-server | 2.3.9.18 | |
References
CWEs
CWE-94