CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13538
https://notcve.org/view.php?id=CVE-2019-13538
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. 3S-Smart Software Solutions GmbH CODESYS versión V3 Library Manager, todas las versiones anteriores a la 3.5.16.0, permite que el sistema despliegue el contenido de la biblioteca activa sin comprobar su validez, lo que puede permitir que el contenido de las bibliotecas manipuladas sea mostrado o ejecutado. El problema también existe para las bibliotecas de fuente, pero 3S-Smart Software Solutions GmbH recomienda encarecidamente distribuir sólo las bibliotecas compiladas. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12940&token=7723e5ed99830656f487e218e73dce2de751102f https://www.us-cert.gov/ics/advisories/icsa-19-255-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2011-5058
https://notcve.org/view.php?id=CVE-2011-5058
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. El módulo CmbWebserver.dll del servicio de control de 3S CoDeSys v3.4 SP4 Patch 2 permite a atacantes remotos crear en la raíz web mediante la especificación de un directorio inexistente utilizando caracteres \ (barra invertida) en una petición HTTP GET. • http://aluigi.altervista.org/adv/codesys_1-adv.txt http://secunia.com/advisories/47018 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/72339 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 47%CPEs: 1EXPL: 1CVE-2011-5008
https://notcve.org/view.php?id=CVE-2011-5008
Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. Desbordamiento de entero en el componente GatewayService en 3S CoDeSys v3.4 Parche 2 SP4 permite a atacantes remotos ejecutar código arbitrario mediante un valor de gran tamaño en la cabecera del paquete, lo que provoca un desbordamiento de búfer basado en heap (montón). • http://aluigi.altervista.org/adv/codesys_1-adv.txt http://seclists.org/bugtraq/2011/Nov/178 http://secunia.com/advisories/47018 http://www.osvdb.org/77386 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71531 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 90%CPEs: 1EXPL: 3CVE-2011-5007 – CoDeSys SCADA 2.3 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-5007
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. El desbordamiento de búfer en la región stack de la memoria en el componente CmpWebServer en 3S CoDeSys versión 3.4 SP4 Patch 2 y anteriores, como es usado en el PLC ABB AC500 y posiblemente en otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de un URI largo hasta el puerto TCP 8080. • https://www.exploit-db.com/exploits/18187 https://www.exploit-db.com/exploits/18240 http://aluigi.altervista.org/adv/codesys_1-adv.txt http://ics-cert.us-cert.gov/advisories/ICSA-12-320-01 http://osvdb.org/77387 http://seclists.org/bugtraq/2011/Nov/178 http://secunia.com/advisories/47018 http://www.exploit-db.com/exploits/18187 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 3CVE-2011-5009 – CoDeSys 3.4 - Null Pointer Invalid HTTP Request Parsing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-5009
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. El módulo CmpWebServer.dll en el servicio de Control en 3S CoDeSys v3.4 SP4 Patch 2 permite a atacantes remotos causar una denegación de servicio (NULL pointer dereference) mediante (1) un Content-Length manipulado en un HTTP POST o (2) un método de solicitud HTTP inválido. • https://www.exploit-db.com/exploits/36378 https://www.exploit-db.com/exploits/36377 http://aluigi.altervista.org/adv/codesys_1-adv.txt http://seclists.org/bugtraq/2011/Nov/178 http://secunia.com/advisories/47018 http://www.osvdb.org/77388 http://www.osvdb.org/77389 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71533 •