Lucene search

[email protected]NVD:CVE-2011-5007

HistoryDec 25, 2011 - 1:55 a.m.

CVE-2011-5007

2011-12-2501:55:04

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.871

Percentile

98.7%

JSON

Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.

Affected configurations

Nvd

Node

3ssoftwarecodesysRange≤3.4sp4

VendorProductVersionCPE
3ssoftwarecodesys*cpe:2.3:a:3ssoftware:codesys:*:sp4:*:*:*:*:*:*

Vendor	Product	Version	CPE
3ssoftware	codesys	*	cpe:2.3:a:3ssoftware:codesys::sp4::::::*

References

aluigi.altervista.org/adv/codesys_1-adv.txt

ics-cert.us-cert.gov/advisories/ICSA-12-320-01

osvdb.org/77387

seclists.org/bugtraq/2011/Nov/178

secunia.com/advisories/47018

www.exploit-db.com/exploits/18187

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.871

Percentile

98.7%

JSON

Related for NVD:CVE-2011-5007

exploitdb2 cvelist1 cve1 saint4 ics2 metasploit1 checkpoint_advisories1 prion1 openvas1