Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

2011-12-16T00:00:00
ID SAINT:69B31F4F60CF34D5132FB1A0C942FF29
Type saint
Reporter SAINT Corporation
Modified 2011-12-16T00:00:00

Description

Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387

Background

Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.

Problem

The function **0040f480** in the **CmpWebServer.dll** library copies the input URI into a limited stack buffer, causing a stack buffer overflow that allows code execution.

Resolution

Upgrade or apply patches when they become available.

References

<http://aluigi.altervista.org/adv/codesys_1-adv.txt>
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf>
<http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html>

Limitations

Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.

Platforms

Windows Server 2003