CoDeSys Gateway Service < 2.3.9.27 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host is running a SCADA data gateway service that is
affected by multiple vulnerabilities.

Description :

The remote host is running a version of CoDeSys Gateway Service prior
to version 2.3.9.27. It is, therefore, affected by the following
vulnerabilities:

- Two unspecified memory range/bounds checking flaws exist
that can be triggered by a specially crafted packet sent
to the Gateway service on port 1211. (CVE-2012-4704,
CVE-2012-4707)

- An unspecified directory traversal vulnerability exists
that can be used to access arbitrary files on the remote
host. This flaw could be exploited by sending a
specially crafted packet to the Gateway service on port
1211. (CVE-2012-4705)

- An unspecified heap overflow (leading to a denial of
service condition or possible arbitrary code execution)
vulnerability exists that can be triggered by sending a
specially crafted packet to the Gateway service on port
1211. (CVE-2012-4706)

- An unspecified stack overflow (leading to a denial of
service condition or possible arbitrary code execution)
vulnerability exists that can be triggered by sending a
specially crafted packet to the Gateway service on port
1211. (CVE-2012-4708)

See also :

http://www.codesys.com/download.html

Solution :

Upgrade to CoDeSys Gateway 2.3.9.27 or higher.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 65195

Bugtraq ID: 58032
59446

CVE ID: CVE-2012-4704
CVE-2012-4705
CVE-2012-4706
CVE-2012-4707
CVE-2012-4708