The CODESYS V3 web server, in all versions prior to 3.5.14.10, allows an attacker to send specially crafted HTTP or HTTPS requests that could cause a stack overflow, creating a denial-of-service condition or allowing remote code execution.

A stack-based buffer overflow is a condition in which the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Name | Vendor | Start Version | End Version |
---|---|---|---|
Control_for_beaglebone | Codesys | * | 3.5.14.10 (excluding) |
Control_for_empc-a/imx6 | Codesys | * | 3.5.14.10 (excluding) |
Control_for_iot2000 | Codesys | * | 3.5.14.10 (excluding) |
Control_for_linux | Codesys | * | 3.5.14.10 (excluding) |
Control_for_pfc100 | Codesys | * | 3.5.14.10 (excluding) |
Control_for_pfc200 | Codesys | * | 3.5.14.10 (excluding) |
Control_for_raspberry_pi | Codesys | * | 3.5.14.10 (excluding) |
Control_rte | Codesys | 3.5.8.60 (including) | 3.5.12.80 (excluding) |
Control_rte | Codesys | 3.5.13.0 (including) | 3.5.14.10 (excluding) |
Control_runtime_system_toolkit | Codesys | 3.0 (including) | 3.5.12.80 (excluding) |
Control_win | Codesys | 3.5.9.80 (including) | 3.5.12.80 (including) |
Control_win | Codesys | 3.5.13.0 (including) | 3.5.14.10 (excluding) |
Embedded_target_visu_toolkit | Codesys | 3.0 (including) | 3.5.12.80 (excluding) |
Hmi | Codesys | 3.5.10.0 (including) | 3.5.12.80 (excluding) |
Hmi | Codesys | 3.5.13.0 (including) | 3.5.14.10 (excluding) |
Remote_target_visu_toolkit | Codesys | 3.0 (including) | 3.5.12.80 (excluding) |