cbcvebase.

3Ssoftware Codesys vulnerabilities

4 known vulnerabilities affecting 3ssoftware/codesys.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2011-5007P2CRITICALCVSS 10.0PoC≤ 3.42011-12-25
CVE-2011-5007 [CRITICAL] CWE-119 CVE-2011-5007: Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
nvd
CVE-2011-5009P4MEDIUMCVSS 5.0PoCv3.42011-12-25
CVE-2011-5009 [MEDIUM] CVE-2011-5009: The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attac The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
nvd
CVE-2011-5008P3HIGHCVSS 7.5v3.42011-12-25
CVE-2011-5008 [HIGH] CWE-189 CVE-2011-5008: Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attacke Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
nvd
CVE-2011-5058P4MEDIUMCVSS 6.4v3.42012-01-10
CVE-2011-5058 [MEDIUM] CWE-264 CVE-2011-5058: The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attac The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
nvd
3Ssoftware Codesys vulnerabilities | cvebase