Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387
Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.
The **CmpWebServer.dll** library is affected by a buffer overflow in the function **0040f480**, which copies the input URI into a limited stack buffer, allowing code execution.
Upgrade or apply patches when they become available.
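The bug class described above, seen from the fixing side, as an added example (not code from 3S or from the advisories): a request handler that validates the URI length before copying it into a fixed stack buffer and rejects over-long requests. The buffer size, function names, status codes and sample requests are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory only says the stack buffer is "limited". */
#define URI_BUF_SIZE 256

enum uri_status { URI_OK = 200, URI_MALFORMED = 400, URI_TOO_LONG = 414 };

/* Copy the request-target of "METHOD SP URI SP VERSION" into out.
 * The length is validated before any byte is written, so an over-long
 * URI is rejected instead of running past the end of the buffer. */
enum uri_status extract_uri(const char *req, size_t req_len,
                            char *out, size_t out_size)
{
    const char *sp1 = memchr(req, ' ', req_len);
    if (sp1 == NULL)
        return URI_MALFORMED;
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', req_len - (size_t)(uri - req));
    if (sp2 == NULL)
        return URI_MALFORMED;
    size_t uri_len = (size_t)(sp2 - uri);
    if (uri_len == 0 || memchr(uri, '\0', uri_len) != NULL)
        return URI_MALFORMED;           /* empty target or embedded NUL */
    if (uri_len >= out_size)
        return URI_TOO_LONG;            /* leave room for the terminator */
    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return URI_OK;
}

/* Hypothetical handler with a fixed stack buffer, the pattern the advisory describes. */
int handle_request(const char *req, size_t req_len)
{
    char uri[URI_BUF_SIZE];
    return (int)extract_uri(req, req_len, uri, sizeof uri);
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    char big[2048] = "GET /";
    memset(big + 5, 'A', 1000);
    memcpy(big + 1005, " HTTP/1.1\r\n", 12);
    const char *ok = "GET /index.html HTTP/1.1\r\n";
    printf("%d\n", handle_request(ok, strlen(ok)));
    printf("%d\n", handle_request(big, strlen(big)));
    return 0;
}
```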
<http://aluigi.altervista.org/adv/codesys_1-adv.txt>
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf>
<http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html>
Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.
Windows Server 2003