Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:2BA159C6E13FF65D3DD1904DA8D121FE
HistoryDec 16, 2011 - 12:00 a.m.

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

2011-12-1600:00:00
SAINT Corporation
www.saintcorporation.com
25

0.835 High

EPSS

Percentile

98.5%

JSON

Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387

Background

Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.

Problem

The **CmpWebServer.dll** library is affected by a buffer overflow in the function **0040f480** that copies the input URI into a limited stack buffer allowing code execution.

Resolution

Upgrade or apply patches when they become available.

References

<http://aluigi.altervista.org/adv/codesys_1-adv.txt&gt;
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf&gt;
<http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html&gt;

Limitations

Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.

Platforms

Windows Server 2003

Related

cve 1
cvelist 1
checkpoint_advisories 1
prion 1
nvd 1
ics 2
saint 3
openvas 1
cve
cve
CVE-2011-5007
2011-12-25 01:55:04
cvelist
cvelist
CVE-2011-5007
2011-12-25 01:00:00
checkpoint_advisories
checkpoint_advisories
Smart Software Solutions CoDeSys ControlService Stack Buffer Overflow (CVE-2011-5007)
2012-05-28 00:00:00
prion
prion
Stack overflow
2011-12-25 01:55:00
nvd
nvd
CVE-2011-5007
2011-12-25 01:55:04
ics
ics
ABB AC500 PLC Webserver CoDeSys Vulnerability
2013-04-30 12:00:00
3S CoDeSys Vulnerabilities
2018-09-06 12:00:00
saint
saint
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
2011-12-16 00:00:00
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
2011-12-16 00:00:00
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
2011-12-16 00:00:00
openvas
openvas
Codesys CmpWebServer Multiple Vulnerabilities
2011-12-06 00:00:00

0.835 High

EPSS

Percentile

98.5%

JSON
Related for SAINT:2BA159C6E13FF65D3DD1904DA8D121FE
cve1cvelist1checkpoint_advisories1prion1nvd1ics2saint3openvas1