CRITICAL🇵🇱 Wersja polska

CVE-2017-6025

CVSS 9.8v3.0pub. 2017-05-19upd. 2026-05-13

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codesys Web Server

    APP
    Codesys
    ≤ 2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2017-6027CRITICAL9.8ten sam produkt

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The foll...

CVE-2022-31805HIGH7.5ten sam produkt

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the comm...

CVE-2022-31802CRITICAL9.8ten sam vendor

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been...

CVE-2022-31806CRITICAL9.8ten sam vendor

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enable...

CVE-2021-34584CRITICAL9.1ten sam vendor

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- s...