Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow
Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387
Background
Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.
Problem
The CmpWebServer.dll library is affected by a buffer overflow in the function at 0040f480, which copies the input URI into a limited stack buffer, allowing code execution.
Resolution
Upgrade or apply patches when they become available.
References
http://aluigi.altervista.org/adv/codesys_1-adv.txt
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf
http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html
Limitations
Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.
Platforms
Windows Server 2003
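The Problem section describes a URI copied into a limited stack buffer without regard to its length. The C sketch below is an added illustration, not code from the advisory or from 3S: it shows a request-line URI copy that checks the length before copying. The names `copy_request_uri` and `URI_MAX`, and the 256-byte limit, are assumptions made for the example; the page does not give the real buffer size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URI_MAX 256 /* assumed limit; the real buffer size is not given on the page */

enum uri_status { URI_OK = 0, URI_MALFORMED = -1, URI_TOO_LONG = -2 };

/* Unsafe pattern of the kind described:  char uri[URI_MAX]; strcpy(uri, request_uri);
 * The number of bytes written is chosen by the client, not by the buffer. */

/* Extract the request-target from "METHOD SP URI SP VERSION" into out[out_size].
 * The length is validated before any byte is copied; out is NUL-terminated on success. */
enum uri_status copy_request_uri(const char *line, size_t line_len,
                                 char *out, size_t out_size)
{
    const char *end = line + line_len;
    const char *sp1 = memchr(line, ' ', line_len);
    if (sp1 == NULL || sp1 == line)
        return URI_MALFORMED;               /* no method or no separator */
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', (size_t)(end - uri));
    if (sp2 == NULL || sp2 == uri)
        return URI_MALFORMED;               /* empty URI or missing version */
    size_t uri_len = (size_t)(sp2 - uri);
    if (memchr(uri, '\0', uri_len) != NULL)
        return URI_MALFORMED;               /* embedded NUL would truncate later checks */
    if (out_size == 0 || uri_len >= out_size)
        return URI_TOO_LONG;                /* caller answers 414 and drops the request */
    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return URI_OK;
}

int main(void)
{
    /* Constructed sample request line, not taken from the advisory. */
    const char *line = "GET /index.htm HTTP/1.1";
    char uri[URI_MAX];
    enum uri_status st = copy_request_uri(line, strlen(line), uri, sizeof uri);
    printf("%d %s\n", (int)st, st == URI_OK ? uri : "-");
    return 0;
}
```

Requests rejected with `URI_TOO_LONG` are also worth logging, since oversized URIs sent to the web server port are a useful detection signal.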