Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:69B31F4F60CF34D5132FB1A0C942FF29
HistoryDec 16, 2011 - 12:00 a.m.

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

2011-12-1600:00:00
SAINT Corporation
download.saintcorporation.com
68

0.835 High

EPSS

Percentile

98.5%

JSON

Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387

Background

Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.

Problem

The **CmpWebServer.dll** library is affected by a buffer overflow in the function **0040f480** that copies the input URI into a limited stack buffer allowing code execution.

Resolution

Upgrade or apply patches when they become available.

References

<http://aluigi.altervista.org/adv/codesys_1-adv.txt&gt;
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf&gt;
<http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html&gt;

Limitations

Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.

Platforms

Windows Server 2003

Related

cve 1
cvelist 1
saint 3
checkpoint_advisories 1
prion 1
nvd 1
ics 2
openvas 1
cve
cve
CVE-2011-5007
2011-12-25 01:55:04
cvelist
cvelist
CVE-2011-5007
2011-12-25 01:00:00
saint
saint
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
2011-12-16 00:00:00
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
2011-12-16 00:00:00
Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
2011-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Smart Software Solutions CoDeSys ControlService Stack Buffer Overflow (CVE-2011-5007)
2012-05-28 00:00:00
prion
prion
Stack overflow
2011-12-25 01:55:00
nvd
nvd
CVE-2011-5007
2011-12-25 01:55:04
ics
ics
ABB AC500 PLC Webserver CoDeSys Vulnerability
2013-04-30 12:00:00
3S CoDeSys Vulnerabilities
2018-09-06 12:00:00
openvas
openvas
Codesys CmpWebServer Multiple Vulnerabilities
2011-12-06 00:00:00

0.835 High

EPSS

Percentile

98.5%

JSON
Related for SAINT:69B31F4F60CF34D5132FB1A0C942FF29
cve1cvelist1saint3checkpoint_advisories1prion1nvd1ics2openvas1