https://ics-cert.us-cert.gov/advisories/ICSA-15-288-01

The 3S CODESYS Runtime Toolkit running on the remote Windows host is affected by a denial of service vulnerability in the PLCWinNT Runtime service (TCP port 1200) due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to crash the service, via a crafted request that triggers a NULL pointer deference.

The 3S CODESYS Runtime Toolkit installed on the remote Windows host is affected by a denial of service vulnerability in the PLCWinNT Runtime service (TCP port 1200) due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to crash the service, via a crafted request that triggers a NULL pointer deference.

ID	Name	Product	Family	Severity
86573	3S CODESYS Runtime Toolkit < 2.4.7.48 PLCWinNT DoS	Nessus	SCADA	high
86572	3S CODESYS Runtime Toolkit < 2.4.7.48 PLCWinNT DoS (credentialed check)	Nessus	SCADA	high

CVE-2015-6482

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins