CVE-2018-5440 - Out-of-bounds Write vulnerability in 3S-Software Codesys Runtime System and Codesys web Server

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network
low complexity
3s-software
CWE-787
critical

Summary

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.

Vulnerable Configurations

Part         Description   Count
Application  3S-Software   2

Common Weakness Enumeration (CWE)