CVE-2011-5058
https://notcve.org/view.php?id=CVE-2011-5058
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
• http://aluigi.altervista.org/adv/codesys_1-adv.txt http://secunia.com/advisories/47018 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/72339
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-5009 – CoDeSys 3.4 - Null Pointer Invalid HTTP Request Parsing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-5009
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
• https://www.exploit-db.com/exploits/36378 https://www.exploit-db.com/exploits/36377 http://aluigi.altervista.org/adv/codesys_1-adv.txt http://seclists.org/bugtraq/2011/Nov/178 http://secunia.com/advisories/47018 http://www.osvdb.org/77388 http://www.osvdb.org/77389 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71533
CVE-2011-5008
https://notcve.org/view.php?id=CVE-2011-5008
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.
• http://aluigi.altervista.org/adv/codesys_1-adv.txt http://seclists.org/bugtraq/2011/Nov/178 http://secunia.com/advisories/47018 http://www.osvdb.org/77386 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71531
• CWE-189: Numeric Errors
CVE-2011-5007 – CoDeSys SCADA 2.3 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5007
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
• https://www.exploit-db.com/exploits/18187 https://www.exploit-db.com/exploits/18240 http://aluigi.altervista.org/adv/codesys_1-adv.txt http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01 http://osvdb.org/77387 http://seclists.org/bugtraq/2011/Nov/178 http://secunia.com/advisories/47018 http://www.exploit-db.com/exploits/18187 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer