ID

VAR-201510-0195


CVE

CVE-2015-6484


TITLE

3S CODESYS Gateway Null Pointer Exception Vulnerability

Trust: 0.8

sources: IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06870

DESCRIPTION

3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. The CODESYS Gateway Server is a software defined server. Attackers can exploit this issue to cause the server process to crash, resulting in denial-of-service conditions. 3S-Smart Software Solutions CoDeSys is a set of PLC (Programmable Logic Controller) software programming tools from 3S-Smart Software Solutions in Germany.

Trust: 2.7

sources: NVD: CVE-2015-6484 // JVNDB: JVNDB-2015-005612 // CNVD: CNVD-2015-06870 // BID: 77258 // IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-84445

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06870

AFFECTED PRODUCTS

vendor: 3s smart | model: codesys gateway server | scope: lte | version: 2.3.9.47

Trust: 1.0

vendor: 3s smart | model: codesys gateway server | scope: eq | version: 2.3.9.47

Trust: 0.9

vendor: 3s smart | model: codesys gateway server | scope: lt | version: 2.3.9.48

Trust: 0.8

vendor: 3s smart | model: software solutions codesys gateway server | scope: lt | version: 2.3.9.48

Trust: 0.6

vendor: 3s smart | model: codesys gateway server | scope: ne | version: 2.3.9.48

Trust: 0.3

vendor: codesys gateway server | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06870 // BID: 77258 // JVNDB: JVNDB-2015-005612 // CNNVD: CNNVD-201510-573 // NVD: CVE-2015-6484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6484
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6484
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06870
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201510-573
value: MEDIUM

Trust: 0.6

IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-84445
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6484
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06870
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-84445
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06870 // VULHUB: VHN-84445 // JVNDB: JVNDB-2015-005612 // CNNVD: CNNVD-201510-573 // NVD: CVE-2015-6484

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-005612 // NVD: CVE-2015-6484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-573

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 77258

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005612

PATCH

title: Top Page | url: https://www.codesys.com/

Trust: 0.8

title: 3S CODESYS Gateway null pointer exception vulnerability patch | url: https://www.cnvd.org.cn/patchInfo/show/65891

Trust: 0.6

title: 3S-Smart Software Solutions CODESYS Gateway Server Remediation measures for denial of service vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58417

Trust: 0.6

sources: CNVD: CNVD-2015-06870 // JVNDB: JVNDB-2015-005612 // CNNVD: CNNVD-201510-573

EXTERNAL IDS

db: NVD | id: CVE-2015-6484

Trust: 3.6

db: ICS CERT | id: ICSA-15-293-03

Trust: 3.4

db: CNNVD | id: CNNVD-201510-573

Trust: 0.9

db: CNVD | id: CNVD-2015-06870

Trust: 0.8

db: JVNDB | id: JVNDB-2015-005612

Trust: 0.8

db: BID | id: 77258

Trust: 0.4

db: IVD | id: 7C6976CE-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-84445

Trust: 0.1

sources: IVD: 7c6976ce-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-06870 // VULHUB: VHN-84445 // BID: 77258 // JVNDB: JVNDB-2015-005612 // CNNVD: CNNVD-201510-573 // NVD: CVE-2015-6484

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-15-293-03

Trust: 3.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6484

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6484

Trust: 0.8

url: https://www.codesys.com/

Trust: 0.3

sources: CNVD: CNVD-2015-06870 // VULHUB: VHN-84445 // BID: 77258 // JVNDB: JVNDB-2015-005612 // CNNVD: CNNVD-201510-573 // NVD: CVE-2015-6484

CREDITS

Ashish Kamble of Qualys

Trust: 0.3

sources: BID: 77258

SOURCES

db: IVD | id: 7c6976ce-2351-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2015-06870
db: VULHUB | id: VHN-84445
db: BID | id: 77258
db: JVNDB | id: JVNDB-2015-005612
db: CNNVD | id: CNNVD-201510-573
db: NVD | id: CVE-2015-6484

LAST UPDATE DATE

2025-04-12T23:30:41.070000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2015-06870 | date: 2015-10-28T00:00:00
db: VULHUB | id: VHN-84445 | date: 2015-10-27T00:00:00
db: BID | id: 77258 | date: 2015-10-20T00:00:00
db: JVNDB | id: JVNDB-2015-005612 | date: 2015-10-28T00:00:00
db: CNNVD | id: CNNVD-201510-573 | date: 2015-10-26T00:00:00
db: NVD | id: CVE-2015-6484 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD | id: 7c6976ce-2351-11e6-abef-000c29c66e3d | date: 2015-10-28T00:00:00
db: CNVD | id: CNVD-2015-06870 | date: 2015-10-28T00:00:00
db: VULHUB | id: VHN-84445 | date: 2015-10-25T00:00:00
db: BID | id: 77258 | date: 2015-10-20T00:00:00
db: JVNDB | id: JVNDB-2015-005612 | date: 2015-10-28T00:00:00
db: CNNVD | id: CNNVD-201510-573 | date: 2015-10-26T00:00:00
db: NVD | id: CVE-2015-6484 | date: 2015-10-25T02:59:12.763