CVE-2015-6460 Information

Description

Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.47 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0.

Reference

http://zerodayinitiative.com/advisories/ZDI-15-441/ http://zerodayinitiative.com/advisories/ZDI-15-442/ https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02