RSS   Vulnerabilities for 'Web server'   RSS

2017-05-18
 
CVE-2017-6027

CWE-434
 

 
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.

 
 
CVE-2017-6025

CWE-119
 

 
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.

 

 >>> Vendor: Codesys 46 Products
Web server
Gateway
Codesys
Control for beaglebone
Control for empc-a/imx6
Control for iot2000
Control for pfc100
Control for pfc200
Control for raspberry pi
Control for empc-a\/imx6
Control for linux
Control for plcnext
Control rte
Control runtime system toolkit
Control win
Embedded target visu toolkit
HMI
Remote target visu toolkit
Plcwinnt
Runtime toolkit
Sp realtime nt
Safety sil2
Simulation runtime
Runtime
Development system
Control for wago touch panels 600
Automation server
V2 web server
V2 runtime system sp
Ethernetip
Profinet
Control for beaglebone sl
Control for beckhoff cx9020
Control for empc-a\/imx6 sl
Control for iot2000 sl
Control for linux sl
Control for pfc100 sl
Control for pfc200 sl
Control for plcnext sl
Control for raspberry pi sl
Control for wago touch panels 600 sl
Control rte sl
Control rte sl \(for beckhoff cx\)
Control win sl
Edge gateway
Hmi sl


Copyright 2024, cxsecurity.com

 

Back to Top