Search criteria
2 vulnerabilities by 3S-Smart
CVE-2018-10612 (GCVE-0-2018-10612)
Vulnerability from cvelistv5 – Published: 2019-01-29 16:00 – Updated: 2024-09-17 02:32
VLAI
Summary
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
Severity
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106248 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 3S-Smart | 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0 |
Affected:
3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0
|
Date Public
2018-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
"vendor": "3S-Smart",
"versions": [
{
"status": "affected",
"version": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
}
]
}
],
"datePublic": "2018-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-30T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "106248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-12-18T00:00:00",
"ID": "CVE-2018-10612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
"version": {
"version_data": [
{
"version_value": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
}
]
}
}
]
},
"vendor_name": "3S-Smart"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106248"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10612",
"datePublished": "2019-01-29T16:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:49.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6460 (GCVE-0-2015-6460)
Vulnerability from cvelistv5 – Published: 2015-09-18 22:00 – Updated: 2024-09-16 19:51
VLAI
Summary
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://zerodayinitiative.com/advisories/ZDI-15-442/ | x_refsource_MISC |
| http://zerodayinitiative.com/advisories/ZDI-15-441/ | x_refsource_MISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | 3S-Smart CODESYS Gateway Server |
Affected:
V2 , < 2.3.9.34
(custom)
|
Date Public
2022-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-15-442/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-15-441/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3S-Smart CODESYS Gateway Server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "2.3.9.34",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:22.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-15-442/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-15-441/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-07-08T08:00:00.000Z",
"ID": "CVE-2015-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3S-Smart CODESYS Gateway Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "2.3.9.34"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-15-442/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-15-442/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-15-441/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-15-441/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02",
"refsource": "CONFIRM",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6460",
"datePublished": "2015-09-18T22:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:51:01.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}