3S CoDeSys CmpWebServer Multiple Vulnerabilities

Summary
The host is running CoDeSys and is prone to multiple vulnerabilities.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause the application to crash. Impact Level: System/Application
Solution
Upgrade to version 3.5 or higher or 2.3.9.32 or higher, For updates refer to http://www.3s-software.com/index.shtml?en_CoDeSysV3_en
Insight
- A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080. - A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted 'Content-Length' header sent to TCP port 8080. - A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080. - An error in the Control service when processing web requests containing a non existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080. - An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217.
Affected
3S CoDeSys version 3.4 SP4 Patch 2 and prior.
References