Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387

Background

Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.

Problem

The CmpWebServer.dll library contains a stack buffer overflow in the function at 0040f480, which copies the input URI into a limited stack buffer. An overly long URI overflows that buffer, allowing code execution.
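
The bug class described above, seen from the fixing side, as an added example (not 3S code and not taken from the advisory): a C routine that pulls the URI out of an HTTP request line and checks its length before copying anything. The function name, the status enum, the sample request and the 256-byte limit are assumptions; the page does not give the real buffer size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; the page does not state the real buffer size. */
#define URI_MAX 256

enum uri_status { URI_OK = 0, URI_MALFORMED = 400, URI_TOO_LONG = 414 };

/* Copy the request target of "METHOD SP URI SP VERSION" into out[out_len].
 * The length is validated before the copy, so an oversized URI is rejected
 * instead of being truncated or written past the end of the buffer. */
enum uri_status copy_request_uri(const char *line, size_t line_len,
                                 char *out, size_t out_len)
{
    const char *sp1, *sp2;
    size_t uri_len;

    if (line == NULL || out == NULL || out_len == 0)
        return URI_MALFORMED;
    out[0] = '\0';                               /* never leave stale data */

    sp1 = memchr(line, ' ', line_len);           /* end of the method */
    if (sp1 == NULL || sp1 == line)
        return URI_MALFORMED;
    sp1++;
    sp2 = memchr(sp1, ' ', line_len - (size_t)(sp1 - line)); /* end of URI */
    if (sp2 == NULL || sp2 == sp1)
        return URI_MALFORMED;
    uri_len = (size_t)(sp2 - sp1);

    if (memchr(sp1, '\0', uri_len) != NULL)      /* embedded NUL byte */
        return URI_MALFORMED;
    if (uri_len >= out_len)                      /* keep room for the NUL */
        return URI_TOO_LONG;

    memcpy(out, sp1, uri_len);
    out[uri_len] = '\0';
    return URI_OK;
}

int main(void)
{
    char uri[URI_MAX], req[2048];                /* constructed oversized request */
    memset(req, 'A', sizeof req);
    memcpy(req, "GET /", 5);
    memcpy(req + 2000, " HTTP/1.1", 9);
    printf("status=%d\n", (int)copy_request_uri(req, 2009, uri, sizeof uri));
    return 0;
}
```

A caller would answer `URI_TOO_LONG` with HTTP 414 and `URI_MALFORMED` with HTTP 400 rather than continuing to process the request.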

Resolution

Upgrade or apply patches when they become available.

References

http://aluigi.altervista.org/adv/codesys_1-adv.txt
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf
http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html

Limitations

Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.

Platforms

Windows Server 2003
