CVE number – CVE-2019-5105
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 188.8.131.52. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.
3S-Smart Software Solutions CODESYS is licensed to vendors who are creating PLCs, or can be purchased directly from 3S-Smart Software Solutions for directly supported platforms. This software is used to turn any device into a soft PLC. The wide range of support allows easy adoption for industrial applications, being able to run on Windows, Linux, or even bare metal. The GatewayService.exe is required to be able to talk to the end device such as a PLC, and will be running on any Windows device that is being used to program or monitor a CODESYS runtime.
3S-Smart Software Solutions CODESYS 184.108.40.206
2019-09-19 – Initial Contact
2019-09-23 – Vendor Disclosure
2020-03-25 – Vendor Patched; Public Release