ID

VAR-201112-0097


CVE

CVE-2011-5007


TITLE

3S CoDeSys CmpWebServer Component Buffer Overflow Vulnerability

Trust: 1.8

sources: IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // CNVD: CNVD-2011-5591 // CNNVD: CNNVD-201112-447

DESCRIPTION

Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. CoDeSys is a powerful PLC software programming tool that supports six PLC programming languages of the IEC 61131-3 standard: IL, ST, FBD, LD, CFC and SFC. The GatewayService has an integer overflow. The GatewayService uses the 32-bit value at offset 0x0c of the header to specify the size of the received data. The program takes this value, adds 0x34 to it and allocates that amount of memory, which can cause an integer overflow. CmpWebServer is a component of the 3SRTESrv3 and CoDeSysControlService services that handles connections on port 8080. The function at 0040f480 copies the input URI to a stack buffer of limited size, which can trigger a buffer overflow. The way 3S CoDeSys handles the Content-Length value in an HTTP POST request can trigger a NULL pointer dereference. CoDeSys is prone to a stack-based buffer-overflow and an integer-overflow vulnerability. Failed attacks may cause a denial-of-service condition.

Trust: 5.85

sources: NVD: CVE-2011-5007 // JVNDB: JVNDB-2011-003530 // CNVD: CNVD-2011-5591 // CNVD: CNVD-2011-5128 // CNVD: CNVD-2011-5125 // CNVD: CNVD-2011-5126 // CNVD: CNVD-2011-5127 // BID: 50849 // IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d // IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d // IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 4.4

sources: IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d // IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d // IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5591 // CNVD: CNVD-2011-5128 // CNVD: CNVD-2011-5125 // CNVD: CNVD-2011-5126 // CNVD: CNVD-2011-5127

AFFECTED PRODUCTS

vendor: 3s smart // model: codesys sp4 patch // scope: eq // version: 3.42

Trust: 3.5

vendor: 3ssoftware // model: codesys // scope: lte // version: 3.4

Trust: 1.0

vendor: 3s smart // model: codesys // scope: lte // version: 3.4 sp4 patch 2

Trust: 0.8

vendor: codesys // model: - // scope: eq // version: *

Trust: 0.6

vendor: no // model: - // scope: - // version: -

Trust: 0.6

vendor: 3ssoftware // model: codesys // scope: eq // version: 3.4

Trust: 0.6

vendor: 3s smart // model: codesys // scope: eq // version: 3.4

Trust: 0.3

vendor: 3s smart // model: codesys // scope: eq // version: 2.3

Trust: 0.3

vendor: 3s smart // model: codesys // scope: ne // version: 3.5

Trust: 0.3

vendor: 3s smart // model: codesys // scope: ne // version: 2.3.9.32

Trust: 0.3

sources: IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d // IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d // IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5591 // CNVD: CNVD-2011-5128 // CNVD: CNVD-2011-5125 // CNVD: CNVD-2011-5126 // CNVD: CNVD-2011-5127 // BID: 50849 // JVNDB: JVNDB-2011-003530 // CNNVD: CNNVD-201112-447 // NVD: CVE-2011-5007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5007
value: HIGH

Trust: 1.0

NVD: CVE-2011-5007
value: HIGH

Trust: 0.8

CNVD: CNVD-2011-5591
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201112-447
value: CRITICAL

Trust: 0.6

IVD: 45e2b734-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 45e91728-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1
value: CRITICAL

Trust: 0.2

IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-5007
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5591
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 45e2b734-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 45e91728-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d // IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d // IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5591 // JVNDB: JVNDB-2011-003530 // CNNVD: CNNVD-201112-447 // NVD: CVE-2011-5007

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-003530 // NVD: CVE-2011-5007

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201111-501 // CNNVD: CNNVD-201112-447

TYPE

Buffer overflow

Trust: 2.0

sources: IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d // IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d // IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-447

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003530

PATCH

title: Top Page // url: http://www.3s-software.com/

Trust: 0.8

title: 3S CoDeSys CmpWebServer component buffer overflow vulnerability patch // url: https://www.cnvd.org.cn/patchInfo/show/37428

Trust: 0.6

sources: CNVD: CNVD-2011-5591 // JVNDB: JVNDB-2011-003530

EXTERNAL IDS

db: NVD // id: CVE-2011-5007

Trust: 4.7

db: BID // id: 50849

Trust: 3.3

db: ICS CERT ALERT // id: ICS-ALERT-11-336-01A

Trust: 2.4

db: OSVDB // id: 77387

Trust: 2.2

db: CNNVD // id: CNNVD-201112-447

Trust: 2.0

db: EXPLOIT-DB // id: 18187

Trust: 1.6

db: ICS CERT ALERT // id: ICS-ALERT-11-336-01

Trust: 1.6

db: SECUNIA // id: 47018

Trust: 1.6

db: CNVD // id: CNVD-2011-5591

Trust: 1.2

db: ICS CERT // id: ICSA-12-320-01

Trust: 1.0

db: CNVD // id: CNVD-2011-5128

Trust: 0.8

db: CNVD // id: CNVD-2011-5125

Trust: 0.8

db: CNVD // id: CNVD-2011-5127

Trust: 0.8

db: CNVD // id: CNVD-2011-5126

Trust: 0.8

db: JVNDB // id: JVNDB-2011-003530

Trust: 0.8

db: CNNVD // id: CNNVD-201111-501

Trust: 0.6

db: BUGTRAQ // id: 20111129 VULNERABILITIES IN 3S CODESYS 3.4 SP4 PATCH 2

Trust: 0.6

db: ICS CERT // id: ICSA-12-006-01

Trust: 0.3

db: IVD // id: 45E2B734-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 45E91728-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 5B319126-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 7D7D2BF0-463F-11E9-BF0D-000C29342CB1

Trust: 0.2

db: IVD // id: 4143B83E-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 84AF9D86-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 7E1D2E16-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 45e2b734-2354-11e6-abef-000c29c66e3d // IVD: 45e91728-2354-11e6-abef-000c29c66e3d // IVD: 5b319126-1f7d-11e6-abef-000c29c66e3d // IVD: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // IVD: 4143b83e-1f7d-11e6-abef-000c29c66e3d // IVD: 84af9d86-1f7d-11e6-abef-000c29c66e3d // IVD: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5591 // CNVD: CNVD-2011-5128 // CNVD: CNVD-2011-5125 // CNVD: CNVD-2011-5126 // CNVD: CNVD-2011-5127 // BID: 50849 // JVNDB: JVNDB-2011-003530 // CNNVD: CNNVD-201111-501 // CNNVD: CNNVD-201112-447 // NVD: CVE-2011-5007

REFERENCES

url:http://aluigi.altervista.org/adv/codesys_1-adv.txt

Trust: 4.3

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01a.pdf

Trust: 2.4

url:http://osvdb.org/77387

Trust: 2.2

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-336-01.pdf

Trust: 1.6

url:http://www.exploit-db.com/exploits/18187

Trust: 1.6

url:http://secunia.com/advisories/47018

Trust: 1.6

url:http://seclists.org/bugtraq/2011/nov/178

Trust: 1.6

url:http://ics-cert.us-cert.gov/advisories/icsa-12-320-01

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5007

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5007

Trust: 0.8

url:http://www.securityfocus.com/bid/50849

Trust: 0.6

url:http://www.3s-software.com/index.shtml?en_codesysv3_en

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-006-01.pdf

Trust: 0.3

sources: CNVD: CNVD-2011-5591 // CNVD: CNVD-2011-5128 // CNVD: CNVD-2011-5125 // CNVD: CNVD-2011-5126 // CNVD: CNVD-2011-5127 // BID: 50849 // JVNDB: JVNDB-2011-003530 // CNNVD: CNNVD-201111-501 // CNNVD: CNNVD-201112-447 // NVD: CVE-2011-5007

CREDITS

Luigi Auriemma

Trust: 0.6

sources: CNNVD: CNNVD-201111-501

SOURCES

db: IVD // id: 45e2b734-2354-11e6-abef-000c29c66e3d
db: IVD // id: 45e91728-2354-11e6-abef-000c29c66e3d
db: IVD // id: 5b319126-1f7d-11e6-abef-000c29c66e3d
db: IVD // id: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1
db: IVD // id: 4143b83e-1f7d-11e6-abef-000c29c66e3d
db: IVD // id: 84af9d86-1f7d-11e6-abef-000c29c66e3d
db: IVD // id: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d
db: CNVD // id: CNVD-2011-5591
db: CNVD // id: CNVD-2011-5128
db: CNVD // id: CNVD-2011-5125
db: CNVD // id: CNVD-2011-5126
db: CNVD // id: CNVD-2011-5127
db: BID // id: 50849
db: JVNDB // id: JVNDB-2011-003530
db: CNNVD // id: CNNVD-201111-501
db: CNNVD // id: CNNVD-201112-447
db: NVD // id: CVE-2011-5007

LAST UPDATE DATE

2024-11-07T22:26:13.090000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2011-5591 // date: 2011-12-26T00:00:00
db: CNVD // id: CNVD-2011-5128 // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5125 // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5126 // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5127 // date: 2011-12-05T00:00:00
db: BID // id: 50849 // date: 2012-11-15T23:10:00
db: JVNDB // id: JVNDB-2011-003530 // date: 2011-12-28T00:00:00
db: CNNVD // id: CNNVD-201111-501 // date: 2011-12-01T00:00:00
db: CNNVD // id: CNNVD-201112-447 // date: 2011-12-26T00:00:00
db: NVD // id: CVE-2011-5007 // date: 2013-05-21T03:12:51.183

SOURCES RELEASE DATE

db: IVD // id: 45e2b734-2354-11e6-abef-000c29c66e3d // date: 2011-12-26T00:00:00
db: IVD // id: 45e91728-2354-11e6-abef-000c29c66e3d // date: 2011-12-26T00:00:00
db: IVD // id: 5b319126-1f7d-11e6-abef-000c29c66e3d // date: 2011-12-05T00:00:00
db: IVD // id: 7d7d2bf0-463f-11e9-bf0d-000c29342cb1 // date: 2011-12-26T00:00:00
db: IVD // id: 4143b83e-1f7d-11e6-abef-000c29c66e3d // date: 2011-12-05T00:00:00
db: IVD // id: 84af9d86-1f7d-11e6-abef-000c29c66e3d // date: 2011-12-05T00:00:00
db: IVD // id: 7e1d2e16-1f7d-11e6-abef-000c29c66e3d // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5591 // date: 2011-12-26T00:00:00
db: CNVD // id: CNVD-2011-5128 // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5125 // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5126 // date: 2011-12-05T00:00:00
db: CNVD // id: CNVD-2011-5127 // date: 2011-12-05T00:00:00
db: BID // id: 50849 // date: 2011-11-29T00:00:00
db: JVNDB // id: JVNDB-2011-003530 // date: 2011-12-28T00:00:00
db: CNNVD // id: CNNVD-201111-501 // date: 1900-01-01T00:00:00
db: CNNVD // id: CNNVD-201112-447 // date: 2011-12-26T00:00:00
db: NVD // id: CVE-2011-5007 // date: 2011-12-25T01:55:04.647