Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5058

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2011-5058
Last Modified 27 Nov 2012 11:32:16
Published 10 Jan 2012 06:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5058

Summary

The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.

Vulnerable Systems

Application

  • 3ssoftware Codesys 3.4


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf

SECUNIA - 47018

MISC - http://aluigi.altervista.org/adv/codesys_1-adv.txt

XF - codesys-cmbwebserver-dir-traversal(72339)


Last Updated: 27 May 2016 10:58:02