Vulnerabilites related to 3ssoftware - codesys
var-201112-0099
Vulnerability from variot
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. CoDeSys Automation Suite is a comprehensive software tool for industrial automation technology. CoDeSys has multiple remote denial of service vulnerabilities in its implementation, which can be exploited by remote attackers to crash applications and deny legitimate users. A vulnerability exists in the CmpWebServer.dll module in the Control service in the 3S CoDeSys 3.4 SP4 Patch 2 release. CoDeSys is prone to multiple denial-of-service vulnerabilities. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: CoDeSys Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA47018
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47018
RELEASE DATE: 2011-12-01
DISCUSS ADVISORY: http://secunia.com/advisories/47018/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47018/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47018
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in CoDeSys, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
1) An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217.
2) A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080.
5) An error in the Control service when processing web requests containing a non-existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080.
Successful exploitation of vulnerabilities #1 and #2 allows execution of arbitrary code.
The vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/codesys_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys",
"scope": "eq",
"trust": 1.6,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys sp4 patch",
"scope": "eq",
"trust": 0.9,
"vendor": "3s smart",
"version": "3.42"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.4 sp4 patch 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "3.4"
},
{
"model": "codesys3.4 sp4",
"scope": null,
"trust": 0.6,
"vendor": "3ssoftware",
"version": null
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.5"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3.9.32"
}
],
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "BID",
"id": "50854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:codesys",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50854"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-514"
}
],
"trust": 0.9
},
"cve": "CVE-2011-5009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-5009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-5589",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "45cf0374-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5009",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-5009",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2011-5589",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-449",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. CoDeSys Automation Suite is a comprehensive software tool for industrial automation technology. CoDeSys has multiple remote denial of service vulnerabilities in its implementation, which can be exploited by remote attackers to crash applications and deny legitimate users. A vulnerability exists in the CmpWebServer.dll module in the Control service in the 3S CoDeSys 3.4 SP4 Patch 2 release. CoDeSys is prone to multiple denial-of-service vulnerabilities. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCoDeSys Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47018\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47018/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018\n\nRELEASE DATE:\n2011-12-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47018/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47018/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered multiple vulnerabilities in CoDeSys,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and compromise a vulnerable system. \n\n1) An integer overflow error in the Gateway service when processing\ncertain requests can be exploited to cause a heap-based buffer\noverflow via a specially crafted packet sent to TCP port 1217. \n\n2) A boundary error in the Control service when processing web\nrequests can be exploited to cause a stack-based buffer overflow via\nan overly long URL sent to TCP port 8080. \n\n5) An error in the Control service when processing web requests\ncontaining a non-existent directory can be exploited to create\narbitrary directories within the webroot via requests sent to TCP\nport 8080. \n\nSuccessful exploitation of vulnerabilities #1 and #2 allows execution\nof arbitrary code. \n\nThe vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other\nversions may also be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/codesys_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5009"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "BID",
"id": "50854"
},
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "107457"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5009",
"trust": 3.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01A",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "47018",
"trust": 2.3
},
{
"db": "OSVDB",
"id": "77388",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "77389",
"trust": 1.6
},
{
"db": "BID",
"id": "50854",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2011-5589",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-5258",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-514",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-006-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "45CF0374-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2416614A-1F7C-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7E646E-463F-11E9-8E21-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107457",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "BID",
"id": "50854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-514"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"id": "VAR-201112-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
}
],
"trust": 2.615404046666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
}
]
},
"last_update_date": "2024-11-23T22:27:38.630000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.3s-software.com/"
},
{
"title": "3S CoDeSys CmpWebServer.dll module denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37426"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf"
},
{
"trust": 2.2,
"url": "http://secunia.com/advisories/47018"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/77389"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/77388"
},
{
"trust": 1.6,
"url": "http://seclists.org/bugtraq/2011/nov/178"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5009"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5009"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50854"
},
{
"trust": 0.3,
"url": "http://www.3s-software.com/index.shtml?en_codesysv3_en"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47018/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47018/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "BID",
"id": "50854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-514"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "BID",
"id": "50854"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-514"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-14T00:00:00",
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"date": "2011-11-30T00:00:00",
"db": "BID",
"id": "50854"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"date": "2011-12-01T04:30:55",
"db": "PACKETSTORM",
"id": "107457"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-514"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"date": "2011-12-25T01:55:04.727000",
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5258"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"date": "2012-01-10T20:00:00",
"db": "BID",
"id": "50854"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003532"
},
{
"date": "2011-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-514"
},
{
"date": "2012-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-449"
},
{
"date": "2024-11-21T01:33:25.340000",
"db": "NVD",
"id": "CVE-2011-5009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-514"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S CoDeSys CmpWebServer.dll Module Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5589"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "45cf0374-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2416614a-1f7c-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e646e-463f-11e9-8e21-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-449"
}
],
"trust": 1.2
}
}
var-201112-0097
Vulnerability from variot
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys sp4 patch",
"scope": "eq",
"trust": 3.5,
"vendor": "3s smart",
"version": "3.42"
},
{
"model": "codesys",
"scope": "lte",
"trust": 1.0,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys",
"scope": "lte",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.4 sp4 patch 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.6,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.5"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3.9.32"
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:codesys",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
}
],
"trust": 0.6
},
"cve": "CVE-2011-5007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-5007",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-5591",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "45e2b734-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "45e91728-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5007",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-5007",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2011-5591",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-447",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5007"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
}
],
"trust": 5.85
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5007",
"trust": 4.7
},
{
"db": "BID",
"id": "50849",
"trust": 3.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01A",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "77387",
"trust": 2.2
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "18187",
"trust": 1.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "47018",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5591",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-320-01",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-5128",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5125",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5127",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5126",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-006-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "45E2B734-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "45E91728-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "5B319126-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7D2BF0-463F-11E9-BF0D-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "4143B83E-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "84AF9D86-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7E1D2E16-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"id": "VAR-201112-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
}
],
"trust": 5.12310607
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.4
}
],
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
}
]
},
"last_update_date": "2024-11-29T22:47:02.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.3s-software.com/"
},
{
"title": "3S CoDeSys CmpWebServer component buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37428"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.3,
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf"
},
{
"trust": 2.2,
"url": "http://osvdb.org/77387"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/18187"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/47018"
},
{
"trust": 1.6,
"url": "http://seclists.org/bugtraq/2011/nov/178"
},
{
"trust": 1.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-320-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5007"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5007"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50849"
},
{
"trust": 0.3,
"url": "http://www.3s-software.com/index.shtml?en_codesysv3_en"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"date": "2011-11-29T00:00:00",
"db": "BID",
"id": "50849"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"date": "2011-12-25T01:55:04.647000",
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"date": "2012-11-15T23:10:00",
"db": "BID",
"id": "50849"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003530"
},
{
"date": "2011-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-447"
},
{
"date": "2024-11-21T01:33:25.053000",
"db": "NVD",
"id": "CVE-2011-5007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S CoDeSys CmpWebServer Component Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5591"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
}
],
"trust": 1.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "45e2b734-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "45e91728-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5b319126-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7d2bf0-463f-11e9-bf0d-000c29342cb1"
},
{
"db": "IVD",
"id": "4143b83e-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "84af9d86-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7e1d2e16-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-447"
}
],
"trust": 2.0
}
}
var-201112-0098
Vulnerability from variot
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. An integer overflow vulnerability exists in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 release. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: CoDeSys Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA47018
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47018
RELEASE DATE: 2011-12-01
DISCUSS ADVISORY: http://secunia.com/advisories/47018/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47018/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47018
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in CoDeSys, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
2) A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080.
3) A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted "Content-Length" header sent to TCP port 8080.
4) A second NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080.
5) An error in the Control service when processing web requests containing a non-existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080.
The vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/codesys_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys sp4 patch",
"scope": "eq",
"trust": 2.7,
"vendor": "3s smart",
"version": "3.42"
},
{
"model": "codesys",
"scope": "eq",
"trust": 1.6,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.4 sp4 patch 2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "codesys",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "3.5"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s smart",
"version": "2.3.9.32"
}
],
"sources": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:codesys",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
}
],
"trust": 0.6
},
"cve": "CVE-2011-5008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-5008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-5590",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-5008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2011-5590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-448",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value offset at the header 0x0c to specify the size of the received data. The program receives this value, increasing the number of 0x34 and allocating the amount of memory can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services for handling 8080 port connections. The function 0040f480 copies the input URI to a limited stack buffer, which can trigger a buffer overflow. 3S CoDeSys handles the Content-Length value in an HTTP POST request to trigger a null pointer reference. An integer overflow vulnerability exists in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 release. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. \nAttackers can exploit these issues to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCoDeSys Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47018\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47018/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018\n\nRELEASE DATE:\n2011-12-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47018/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47018/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered multiple vulnerabilities in CoDeSys,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and compromise a vulnerable system. \n\n2) A boundary error in the Control service when processing web\nrequests can be exploited to cause a stack-based buffer overflow via\nan overly long URL sent to TCP port 8080. \n\n3) A NULL pointer dereference error in the CmbWebserver.dll module of\nthe Control service when processing HTTP POST requests can be\nexploited to deny processing further requests via a specially crafted\n\"Content-Length\" header sent to TCP port 8080. \n\n4) A second NULL pointer dereference error in the CmbWebserver.dll\nmodule of the Control service when processing web requests can be\nexploited to deny processing further requests by sending a request\nwith an unknown HTTP method to TCP port 8080. \n\n5) An error in the Control service when processing web requests\ncontaining a non-existent directory can be exploited to create\narbitrary directories within the webroot via requests sent to TCP\nport 8080. \n\nThe vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other\nversions may also be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/codesys_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5008"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "107457"
}
],
"trust": 5.04
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5008",
"trust": 3.7
},
{
"db": "BID",
"id": "50849",
"trust": 3.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01A",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "47018",
"trust": 2.3
},
{
"db": "OSVDB",
"id": "77386",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5590",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5128",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5125",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5126",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5127",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-006-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "5788C89D-D3E0-4F1F-AF03-176565094D3A",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7D04E2-463F-11E9-A226-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107457",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"id": "VAR-201112-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
}
],
"trust": 4.12310607
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.4
}
],
"sources": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
}
]
},
"last_update_date": "2024-11-23T22:27:38.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.3s-software.com/"
},
{
"title": "3S CoDeSys GatewayService component integer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37427"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf"
},
{
"trust": 2.2,
"url": "http://secunia.com/advisories/47018"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/77386"
},
{
"trust": 1.6,
"url": "http://seclists.org/bugtraq/2011/nov/178"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5008"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5008"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50849"
},
{
"trust": 0.3,
"url": "http://www.3s-software.com/index.shtml?en_codesysv3_en"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47018/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47018/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "BID",
"id": "50849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"date": "2011-11-29T00:00:00",
"db": "BID",
"id": "50849"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"date": "2011-12-01T04:30:55",
"db": "PACKETSTORM",
"id": "107457"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"date": "2011-12-25T01:55:04.693000",
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5128"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5125"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5126"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5127"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"date": "2012-11-15T23:10:00",
"db": "BID",
"id": "50849"
},
{
"date": "2011-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003531"
},
{
"date": "2011-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-448"
},
{
"date": "2024-11-21T01:33:25.193000",
"db": "NVD",
"id": "CVE-2011-5008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-501"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S CoDeSys GatewayService Component Integer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5788c89d-d3e0-4f1f-af03-176565094d3a"
},
{
"db": "IVD",
"id": "7d7d04e2-463f-11e9-a226-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5590"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-448"
}
],
"trust": 0.6
}
}
var-201201-0095
Vulnerability from variot
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. CoDeSys is a hardware-independent IEC 61131-3 development system for programming and creating controller applications on the Windows platform. By sending a specially crafted request to TCP port 8080, a remote attacker can be allowed to create any directory under Webroot. CoDeSys is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: CoDeSys Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA47018
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47018
RELEASE DATE: 2011-12-01
DISCUSS ADVISORY: http://secunia.com/advisories/47018/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47018/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47018
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in CoDeSys, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
1) An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217.
2) A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080.
Successful exploitation of vulnerabilities #1 and #2 allows execution of arbitrary code.
The vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/codesys_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "codesys",
"scope": "eq",
"trust": 1.6,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.8,
"vendor": "3s smart",
"version": "3.4 sp4 patch 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "3.4"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.6,
"vendor": "3s smart",
"version": "2.3.9.32"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.6,
"vendor": "3s smart",
"version": "3.5"
},
{
"model": "codesys sp4 patch2",
"scope": "eq",
"trust": 0.6,
"vendor": "3ssoftware",
"version": "3.4"
},
{
"model": "codesys sp4 patch",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3.42"
},
{
"model": "codesys",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "2.3"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s",
"version": "3.5"
},
{
"model": "codesys",
"scope": "ne",
"trust": 0.3,
"vendor": "3s",
"version": "2.3.9.32"
}
],
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"db": "BID",
"id": "56732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:codesys:codesys",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "56732"
}
],
"trust": 0.3
},
"cve": "CVE-2011-5058",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-5058",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-9240",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d719330-463f-11e9-82b9-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5058",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-5058",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2012-9240",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-116",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \\ (backslash) characters in an HTTP GET request. CoDeSys is a hardware-independent IEC 61131-3 development system for programming and creating controller applications on the Windows platform. By sending a specially crafted request to TCP port 8080, a remote attacker can be allowed to create any directory under Webroot. CoDeSys is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nCoDeSys Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA47018\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47018/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018\n\nRELEASE DATE:\n2011-12-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47018/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47018/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered multiple vulnerabilities in CoDeSys,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and compromise a vulnerable system. \n\n1) An integer overflow error in the Gateway service when processing\ncertain requests can be exploited to cause a heap-based buffer\noverflow via a specially crafted packet sent to TCP port 1217. \n\n2) A boundary error in the Control service when processing web\nrequests can be exploited to cause a stack-based buffer overflow via\nan overly long URL sent to TCP port 8080. \n\nSuccessful exploitation of vulnerabilities #1 and #2 allows execution\nof arbitrary code. \n\nThe vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other\nversions may also be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/codesys_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5058"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"db": "BID",
"id": "56732"
},
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "107457"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-5058",
"trust": 4.5
},
{
"db": "SECUNIA",
"id": "47018",
"trust": 2.9
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-336-01A",
"trust": 2.7
},
{
"db": "CNNVD",
"id": "CNNVD-201201-116",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2012-9240",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2012-7227",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049",
"trust": 0.8
},
{
"db": "BID",
"id": "56732",
"trust": 0.3
},
{
"db": "IVD",
"id": "83FF60FD-8B4E-482A-8BA9-24FE24EEB132",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D719330-463F-11E9-82B9-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "3B396C4C-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107457",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"db": "BID",
"id": "56732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"id": "VAR-201201-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
}
],
"trust": 2.615404046666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
}
]
},
"last_update_date": "2024-11-23T22:27:38.685000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.3s-software.com/"
},
{
"title": "CoDeSys Control service CmbWebserver.dll module directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/25815"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf"
},
{
"trust": 2.2,
"url": "http://secunia.com/advisories/47018"
},
{
"trust": 2.0,
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72339"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5058"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5058"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/47018http"
},
{
"trust": 0.3,
"url": "http://www.3s-software.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47018"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47018/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47018/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"db": "BID",
"id": "56732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"db": "BID",
"id": "56732"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"db": "PACKETSTORM",
"id": "107457"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-04T00:00:00",
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"date": "2012-01-13T00:00:00",
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"date": "2012-01-13T00:00:00",
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"date": "2011-11-29T00:00:00",
"db": "BID",
"id": "56732"
},
{
"date": "2012-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"date": "2011-12-01T04:30:55",
"db": "PACKETSTORM",
"id": "107457"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"date": "2012-01-10T23:55:00.977000",
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7227"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-9240"
},
{
"date": "2011-11-29T00:00:00",
"db": "BID",
"id": "56732"
},
{
"date": "2012-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001049"
},
{
"date": "2012-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-116"
},
{
"date": "2024-11-21T01:33:31.660000",
"db": "NVD",
"id": "CVE-2011-5058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CoDeSys Control service CmbWebserver.dll Module directory traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "CNVD",
"id": "CNVD-2012-7227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "83ff60fd-8b4e-482a-8ba9-24fe24eeb132"
},
{
"db": "IVD",
"id": "7d719330-463f-11e9-82b9-000c29342cb1"
},
{
"db": "IVD",
"id": "3b396c4c-2354-11e6-abef-000c29c66e3d"
}
],
"trust": 0.6
}
}
cve-2011-5007
Vulnerability from cvelistv5
Published
2011-12-25 01:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf | x_refsource_MISC | |
| http://seclists.org/bugtraq/2011/Nov/178 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/47018 | third-party-advisory, x_refsource_SECUNIA | |
| http://aluigi.altervista.org/adv/codesys_1-adv.txt | x_refsource_MISC | |
| http://osvdb.org/77387 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf | x_refsource_MISC | |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/18187 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/77387"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01"
},
{
"name": "18187",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-21T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77387",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/77387"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01"
},
{
"name": "18187",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47018"
},
{
"name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77387",
"refsource": "OSVDB",
"url": "http://osvdb.org/77387"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01"
},
{
"name": "18187",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5007",
"datePublished": "2011-12-25T01:00:00",
"dateReserved": "2011-12-24T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-5058
Vulnerability from cvelistv5
Published
2012-01-10 23:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72339 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf | x_refsource_MISC | |
| http://secunia.com/advisories/47018 | third-party-advisory, x_refsource_SECUNIA | |
| http://aluigi.altervista.org/adv/codesys_1-adv.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "codesys-cmbwebserver-dir-traversal(72339)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72339"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \\ (backslash) characters in an HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "codesys-cmbwebserver-dir-traversal(72339)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72339"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \\ (backslash) characters in an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "codesys-cmbwebserver-dir-traversal(72339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72339"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "47018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47018"
},
{
"name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5058",
"datePublished": "2012-01-10T23:00:00",
"dateReserved": "2012-01-10T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-5008
Vulnerability from cvelistv5
Published
2011-12-25 01:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf | x_refsource_MISC | |
| http://seclists.org/bugtraq/2011/Nov/178 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/47018 | third-party-advisory, x_refsource_SECUNIA | |
| http://aluigi.altervista.org/adv/codesys_1-adv.txt | x_refsource_MISC | |
| http://www.osvdb.org/77386 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71531 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77386"
},
{
"name": "codesys-gatewayservice-bo(71531)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77386"
},
{
"name": "codesys-gatewayservice-bo(71531)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47018"
},
{
"name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77386",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77386"
},
{
"name": "codesys-gatewayservice-bo(71531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5008",
"datePublished": "2011-12-25T01:00:00",
"dateReserved": "2011-12-24T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-5009
Vulnerability from cvelistv5
Published
2011-12-25 01:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf | x_refsource_MISC | |
| http://seclists.org/bugtraq/2011/Nov/178 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/47018 | third-party-advisory, x_refsource_SECUNIA | |
| http://aluigi.altervista.org/adv/codesys_1-adv.txt | x_refsource_MISC | |
| http://www.osvdb.org/77388 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71533 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/77389 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77388"
},
{
"name": "codesys-cmpwebserver-dos(71533)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533"
},
{
"name": "77389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77389"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77388",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77388"
},
{
"name": "codesys-cmpwebserver-dos(71533)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533"
},
{
"name": "77389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77389"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"name": "20111129 Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"name": "47018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47018"
},
{
"name": "http://aluigi.altervista.org/adv/codesys_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"name": "77388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77388"
},
{
"name": "codesys-cmpwebserver-dos(71533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533"
},
{
"name": "77389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77389"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5009",
"datePublished": "2011-12-25T01:00:00",
"dateReserved": "2011-12-24T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-12-25 01:55
Modified
2024-11-21 01:33
Severity ?
Summary
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3ssoftware | codesys | 3.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3ssoftware:codesys:3.4:sp4:*:*:*:*:*:*",
"matchCriteriaId": "49B107F2-B145-42E8-A67D-CB167BDF9BC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method."
},
{
"lang": "es",
"value": "El m\u00f3dulo CmpWebServer.dll en el servicio de Control en 3S CoDeSys v3.4 SP4 Patch 2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (NULL pointer dereference) mediante (1) un Content-Length manipulado en un HTTP POST o (2) un m\u00e9todo de solicitud HTTP inv\u00e1lido."
}
],
"id": "CVE-2011-5009",
"lastModified": "2024-11-21T01:33:25.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-25T01:55:04.727",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/77388"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/77389"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71533"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-25 01:55
Modified
2024-11-21 01:33
Severity ?
Summary
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3ssoftware | codesys | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3ssoftware:codesys:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "885FE441-8F8D-4150-8C63-2D903045BC0B",
"versionEndIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080."
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el componente CmpWebServer en 3S CoDeSys versi\u00f3n 3.4 SP4 Patch 2 y anteriores, como es usado en el PLC ABB AC500 y posiblemente en otros productos, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un URI largo hasta el puerto TCP 8080."
}
],
"id": "CVE-2011-5007",
"lastModified": "2024-11-21T01:33:25.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-25T01:55:04.647",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/77387"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18187"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/77387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-25 01:55
Modified
2024-11-21 01:33
Severity ?
Summary
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3ssoftware | codesys | 3.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3ssoftware:codesys:3.4:sp4:*:*:*:*:*:*",
"matchCriteriaId": "49B107F2-B145-42E8-A67D-CB167BDF9BC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en el componente GatewayService en 3S CoDeSys v3.4 Parche 2 SP4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un valor de gran tama\u00f1o en la cabecera del paquete, lo que provoca un desbordamiento de b\u00fafer basado en heap (mont\u00f3n)."
}
],
"id": "CVE-2011-5008",
"lastModified": "2024-11-21T01:33:25.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-25T01:55:04.693",
"references": [
{
"source": "cve@mitre.org",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/77386"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2011/Nov/178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71531"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-10 23:55
Modified
2024-11-21 01:33
Severity ?
Summary
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 3ssoftware | codesys | 3.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3ssoftware:codesys:3.4:sp4:patch2:*:*:*:*:*",
"matchCriteriaId": "34BDD287-3548-4530-9CE3-0EF065BAA8EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \\ (backslash) characters in an HTTP GET request."
},
{
"lang": "es",
"value": "El m\u00f3dulo CmbWebserver.dll del servicio de control de 3S CoDeSys v3.4 SP4 Patch 2 permite a atacantes remotos crear en la ra\u00edz web mediante la especificaci\u00f3n de un directorio inexistente utilizando caracteres \\ (barra invertida) en una petici\u00f3n HTTP GET."
}
],
"id": "CVE-2011-5058",
"lastModified": "2024-11-21T01:33:31.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-10T23:55:00.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/codesys_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72339"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}