The host is running CoDeSys and is prone to multiple vulnerabilities.
Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause the application to crash. Impact Level: System/Application
Upgrade to version 3.5 or higher or 220.127.116.11 or higher, For updates refer to http://www.3s-software.com/index.shtml?en_CoDeSysV3_en
- A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080. - A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted 'Content-Length' header sent to TCP port 8080. - A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080. - An error in the Control service when processing web requests containing a non existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080. - An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217.
3S CoDeSys version 3.4 SP4 Patch 2 and prior.
Updated on 2015-03-25
CVE CVE-2011-5007, CVE-2011-5008, CVE-2011-5009, CVE-2011-5058
CVSS Base Score: 10.0