3S-Smart Software Solutions GmbH released a patch to mitigate an arbitrary file upload vulnerability and a stack buffer overflow vulnerability in its CODESYS Web Server, according to a report from ICS-CERT.
CODESYS Web Server Versions 2.3 and prior suffer from the remotely exploitable vulnerabilities, which were discovered by David Atch of CyberX, who also tested the patch.
Successful exploitation of these vulnerabilities could allow an attacker to upload arbitrary files to the CODESYS Web Server without authorization. Additionally, an attacker may be able to crash the application or execute arbitrary code.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could exploit the vulnerabilities.
In one vulnerability, a specially crafted web server request may allow the upload of arbitrary files to the CODESYS Web Server without authorization, which may in turn allow remote code execution.
CVE-2017-6027 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
In another vulnerability, a malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.
CVE-2017-6025 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
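The missing check behind the stack buffer overflow described above can be illustrated with a length-validated copy. This is an added example, not CODESYS code or code from the advisory; the `name` attribute, the 32-byte buffer, the function names and the sample requests are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VAR_NAME_BUF 32  /* assumed size of the fixed stack buffer */

enum attr_status { ATTR_OK = 0, ATTR_MISSING = -1, ATTR_MALFORMED = -2, ATTR_TOO_LONG = -3 };

/* Copy the value of attr="..." from xml into out (out_len bytes). The length
 * is measured and checked before any byte is copied. Simplified substring
 * matcher for illustration, not a full XML parser. */
int copy_xml_attr(const char *xml, const char *attr, char *out, size_t out_len)
{
    char key[64];
    int n = snprintf(key, sizeof key, "%s=\"", attr);
    if (n < 0 || (size_t)n >= sizeof key || out_len == 0)
        return ATTR_MALFORMED;
    const char *start = strstr(xml, key);
    if (start == NULL)
        return ATTR_MISSING;
    start += (size_t)n;
    const char *end = strchr(start, '"');
    if (end == NULL)
        return ATTR_MALFORMED;      /* unterminated value */
    size_t len = (size_t)(end - start);
    if (len >= out_len)
        return ATTR_TOO_LONG;       /* reject instead of truncating or overflowing */

    memcpy(out, start, len);
    out[len] = '\0';
    return ATTR_OK;
}

/* Handler with a fixed-size stack buffer, the situation described above. */
int handle_request(const char *xml)
{
    char name[VAR_NAME_BUF];
    int rc = copy_xml_attr(xml, "name", name, sizeof name);
    if (rc == ATTR_OK)
        printf("accepted name=%s\n", name);
    return rc;
}

int main(void)
{
    /* Constructed sample inputs, not real CODESYS traffic. */
    printf("%d\n", handle_request("<var name=\"PLC_PRG.counter\"/>"));
    printf("%d\n", handle_request("<var name=\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"/>"));
    return 0;
}
```

Rejecting an overlong value outright, rather than truncating it, also gives the server a clear event to log when a client sends oversized strings.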
The product sees use mainly in the critical manufacturing and energy sectors, and it is deployed on a global basis.
Kempten, Germany-based 3S-Smart Software Solutions GmbH recommends that device manufacturers who program their devices with CODESYS refer to the device directory to determine if they may be affected.
3S-Smart Software Solutions GmbH recommends that users register for an account and download patch V.220.127.116.11.