3S Fixes Null Pointer Dereference Hole
Thursday, October 15, 2015 @ 05:10 PM gHale
3S created a new version to mitigate a NULL pointer dereference vulnerability in its 3S-Smart Software Solutions GmbH’s CODESYS Runtime Toolkit, according to a report on ICS-CERT.
This remotely exploitable vulnerability ended up discovered by Nicholas Miles of Tenable Network Security.
CODESYS Runtime Toolkit, versions prior to Version 184.108.40.206 suffer from the issue.
Successful exploitation of this vulnerability may allow a remote attacker to crash the Runtime Toolkit, resulting in a denial of service condition.
3S-Smart Software Solutions GmbH has its headquarters in Kempten, Germany, and has distributors in more than 10 countries worldwide.
The affected product, CODESYS Runtime Toolkit, is embedded third-party software. CODESYS sees action across several sectors including critical manufacturing, energy, and transportation systems. 3S-Smart Software Solutions GmbH estimates these products see use worldwide.
A crafted request may allow a NULL pointer dereference that could crash the Runtime Toolkit causing a denial-of-service condition.
CVE-2015-6482 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.
3S-Smart Software Solutions released a new version of CODESYS, Version 220.127.116.11, which contains a new version of the Runtime Toolkit, Version 18.104.22.168. CODESYS, Version 22.214.171.124.
For additional information about the new version of CODESYS or questions about the vulnerability, click here for the CODESYS Support Team’s contact information.