cbcvebase.
CVE-2017-6027
published 2017-05-19

Priority: P268 | critical | 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.63% (83.6th percentile)

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.

Affected

1 range

Vendor | Product | Version range | Fixed in
codesys | web_server | <= 2.3 |

Detection & IOCs (extracted from sources)

  • Vulnerability allows unauthenticated upload of arbitrary files with dangerous types via a specially crafted web server request to CODESYS Web Server
  • No authentication is required to exploit this file upload vulnerability — network-accessible CODESYS Web Server instances should be treated as immediately at risk
  • Remotely exploitable with low skill level; prioritize detection of unauthenticated HTTP POST/upload requests to CODESYS Web Server endpoints
  • Only CODESYS Web Server Versions 2.3 and prior are affected; scope detection rules accordingly
  • No known public exploits specifically targeting this vulnerability were identified at time of advisory publication

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P