Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.802280
Category:Buffer overflow
Title:Codesys CmpWebServer Multiple Vulnerabilities
Summary:The host is running Codesys and is prone to multiple vulnerabilities.
Description:Summary:
The host is running Codesys and is prone to multiple vulnerabilities.

Vulnerability Insight:
- A boundary error in the Control service when processing web
requests can be exploited to cause a stack-based buffer overflow via an overly
long URL sent to TCP port 8080

- A NULL pointer dereference error in the CmbWebserver.dll module of the
Control service when processing HTTP POST requests can be exploited to deny
processing further requests via a specially crafted 'Content-Length' header
sent to TCP port 8080

- A NULL pointer dereference error in the CmbWebserver.dll module of the
Control service when processing web requests can be exploited to deny
processing further requests by sending a request with an unknown HTTP
method to TCP port 8080

- An error in the Control service when processing web requests containing a
non existent directory can be exploited to create arbitrary directories
within the webroot via requests sent to TCP port 8080

- An integer overflow error in the Gateway service when processing certain
requests can be exploited to cause a heap-based buffer overflow via a
specially crafted packet sent to TCP port 1217

Vulnerability Impact:
Successful exploitation may allow remote attackers to execute
arbitrary code on the system or cause the application to crash.

Affected Software/OS:
Codesys version 3.4 SP4 Patch 2 and prior.

Solution:
Upgrade to version 2.3.9.32, 3.5 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-5007
Bugtraq: 20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2 (Google Search)
http://seclists.org/bugtraq/2011/Nov/178
http://www.exploit-db.com/exploits/18187
http://aluigi.altervista.org/adv/codesys_1-adv.txt
http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf
http://osvdb.org/77387
http://secunia.com/advisories/47018
Common Vulnerability Exposure (CVE) ID: CVE-2011-5008
http://www.osvdb.org/77386
XForce ISS Database: codesys-gatewayservice-bo(71531)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71531
Common Vulnerability Exposure (CVE) ID: CVE-2011-5009
http://www.osvdb.org/77388
http://www.osvdb.org/77389
XForce ISS Database: codesys-cmpwebserver-dos(71533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71533
Common Vulnerability Exposure (CVE) ID: CVE-2011-5058
XForce ISS Database: codesys-cmbwebserver-dir-traversal(72339)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72339
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.