SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-101925263] 3S-Smart Software Solutions GmbH CODESYS Web Server

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-03-28 | Other | 3S-Smart Software Solutions GmbH | David Atch of CyberX discovered the vulnerabilities and has tested the patch. | N/A | CVE-2017-6027, CVE-2017-6025 | N/A | N/A | N/A |

Source

#
# 3S-Smart Software Solutions GmbH CODESYS Web Server
#


### VULNERABLE VENDOR
3S-Smart Software Solutions GmbH


### VULNERABLE PRODUCT
CODESYS Web Server



### RESEARCHER
David Atch of CyberX discovered the vulnerabilities and has tested the patch.



### AFFECTED PRODUCTS

The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected:

CODESYS Web Server Versions 2.3 and prior.



### IMPACT

Successful exploitation of these vulnerabilities could allow arbitrary files to be uploaded to the CODESYS Web Server without authorization. Additionally, an attacker may be able to crash the application or execute arbitrary code.



### VULNERABILITY OVERVIEW

UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
A specially crafted web server request may allow the upload of arbitrary files to the CODESYS Web Server without authorization, which may allow remote code execution.
CVE-2017-6027 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).


STACK-BASED BUFFER OVERFLOW CWE-121
A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML.
Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.
CVE-2017-6025 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sector(s): Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Kempten, Germany




### MITIGATION

3S-Smart Software Solutions GmbH recommends that device manufacturers who program their devices with CODESYS refer to the device directory to determine if they may be affected. The device directory can be found at the following location:

http://devices.codesys.com/device-directory.html


3S-Smart Software Solutions GmbH recommends that users register for an account and download patch V.1.1.9.18 from the following location:

http://store.codesys.com/codesys-23.html