3S Fixes Null Pointer Dereference Hole

Thursday, October 15, 2015 @ 05:10 PM gHale

3S created a new version to mitigate a NULL pointer dereference vulnerability in its 3S-Smart Software Solutions GmbH’s CODESYS Runtime Toolkit, according to a report on ICS-CERT.

This remotely exploitable vulnerability ended up discovered by Nicholas Miles of Tenable Network Security.

SDG Hole Exploit Code Released
Nordex Fixes Wind Farm SCADA App
Omron Fixes Multiple Vulnerabilities
Pump Infusion System Holes Mended

CODESYS Runtime Toolkit, versions prior to Version suffer from the issue.

Successful exploitation of this vulnerability may allow a remote attacker to crash the Runtime Toolkit, resulting in a denial of service condition.

3S-Smart Software Solutions GmbH has its headquarters in Kempten, Germany, and has distributors in more than 10 countries worldwide.

The affected product, CODESYS Runtime Toolkit, is embedded third-party software. CODESYS sees action across several sectors including critical manufacturing, energy, and transportation systems. 3S-Smart Software Solutions GmbH estimates these products see use worldwide.

A crafted request may allow a NULL pointer dereference that could crash the Runtime Toolkit causing a denial-of-service condition.

CVE-2015-6482 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.

3S-Smart Software Solutions released a new version of CODESYS, Version, which contains a new version of the Runtime Toolkit, Version CODESYS, Version

For additional information about the new version of CODESYS or questions about the vulnerability, click here for the CODESYS Support Team’s contact information.