SAINT Corporation
SAINT:6B4242C514B5DA4F2E66E0BD4869E466
Dec 16, 2011 - 12:00 a.m.

Smart Software Solutions CoDeSys Webserver URI Copying Stack Buffer Overflow

2011-12-16 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.835 High
Percentile: 98.5%

Added: 12/16/2011
CVE: CVE-2011-5007
BID: 50849
OSVDB: 77387

Background

Smart Software Solutions GmbH (3S) manufactures CoDeSys Web Server, a Supervisory Control and Data Acquisition/Human-Machine Interface (SCADA/HMI) product. The SCADA Web Server listens on TCP port 8080.

Problem

The **CmpWebServer.dll** library is affected by a stack buffer overflow in the function at **0040f480**, which copies the input URI into a limited stack buffer, allowing code execution.
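
The copy pattern described above, shown in its hardened form as an added example that is not code from CoDeSys or from the advisory: a request-line handler measures the URI before copying it into a fixed-size buffer and rejects oversized input instead of overflowing. The function name copy_request_uri, the status enum and the 256-byte URI_MAX are assumptions made for illustration; the advisory does not state the real buffer size.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for this example; the advisory does not give the real size. */
#define URI_MAX 256

enum uri_status { URI_OK = 0, URI_MALFORMED = 400, URI_TOO_LONG = 414 };

/*
 * Copy the request-target out of an HTTP request line ("GET /path HTTP/1.1")
 * into a fixed-size buffer. The overflow class in the advisory corresponds to
 * copying with no length check; here an oversized URI is rejected, not copied.
 */
enum uri_status copy_request_uri(const char *line, size_t line_len,
                                 char *dst, size_t dst_size)
{
    const char *sp1, *sp2, *uri;
    size_t uri_len;

    if (line == NULL || dst == NULL || dst_size == 0)
        return URI_MALFORMED;
    dst[0] = '\0';                              /* never leave dst undefined */

    sp1 = memchr(line, ' ', line_len);          /* end of the method token */
    if (sp1 == NULL || sp1 == line)
        return URI_MALFORMED;
    uri = sp1 + 1;
    sp2 = memchr(uri, ' ', line_len - (size_t)(uri - line)); /* end of URI */
    if (sp2 == NULL || sp2 == uri)
        return URI_MALFORMED;

    uri_len = (size_t)(sp2 - uri);
    if (memchr(uri, '\0', uri_len) != NULL)     /* embedded NUL byte */
        return URI_MALFORMED;
    if (uri_len >= dst_size)                    /* keep room for the terminator */
        return URI_TOO_LONG;

    memcpy(dst, uri, uri_len);
    dst[uri_len] = '\0';
    return URI_OK;
}

int main(void)
{
    char buf[URI_MAX];
    const char line[] = "GET /index.html HTTP/1.1"; /* constructed sample */
    return copy_request_uri(line, sizeof line - 1, buf, sizeof buf) == URI_OK ? 0 : 1;
}
```

The status values map to HTTP 400 and 414, so a caller can return them directly as the response code.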

Resolution

Upgrade or apply patches when they become available.

References

<http://aluigi.altervista.org/adv/codesys_1-adv.txt>
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01.pdf>
<http://www.scadahacker.com/vulndb/2011/ics-vuln-3s-11-336-01.html>

Limitations

Exploit works on Smart Software Solutions CoDeSys 2.3.9.31, running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with patches KB956802 and KB2393802 installed.

Platforms

Windows Server 2003
