Vulnerabilities > 3Ssoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-01-10 | CVE-2011-5058 | Permissions, Privileges, and Access Controls vulnerability in 3Ssoftware Codesys 3.4 The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | 6.4 |
| 2011-12-25 | CVE-2011-5009 | Unspecified vulnerability in 3Ssoftware Codesys 3.4 The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. | 5.0 |
| 2011-12-25 | CVE-2011-5008 | Numeric Errors vulnerability in 3Ssoftware Codesys 3.4 Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. | 7.5 |
| 2011-12-25 | CVE-2011-5007 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in 3Ssoftware Codesys Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. | 10.0 |