CVE-2013-2781 : Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a

Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

Published 2013-05-23 13:36:30

Updated 2013-05-23 14:35:49

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2013-2781

Probability of exploitation activity in the next 30 days: 0.32%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-2781

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-2781

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2781

http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01

3S CODESYS Gateway Use After Free | CISA
US Government Resource

Products affected by CVE-2013-2781

3s-software » Codesys Gateway-server » Version: 2.3.9.27
cpe:2.3:a:3s-software:codesys_gateway-server:2.3.9.27:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-2781

Exploit prediction scoring system (EPSS) score for CVE-2013-2781

CVSS scores for CVE-2013-2781

CWE ids for CVE-2013-2781

References for CVE-2013-2781

Products affected by CVE-2013-2781