2 matches found
CVE-2017-6027
CVE-2017-6027 affects CODESYS Web Server (WebVisu) versions 2.3 and earlier. A specially crafted request can upload arbitrary files of dangerous types to the server without authorization, potentially enabling remote code execution. The issue is documented in multiple sources (NVD/NVD-related entr...
CVE-2017-6025
CVE-2017-6025 affects 3S-Smart Software Solutions GmbH CODESYS Web Server (WebVisu) versions 2.3 and prior. Root cause: stack-based buffer overflow when processing XML due to unverified string sizes during memory copy, allowing a malicious user to crash the application or potentially execute arbi...