Intrusion Prevention

CoDeSys.V3.CmpWebServer.And.CmpWebServerHandler.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Smart Software Solutions CoDeSys V3 Remote Target Visu Toolkit.
The vulnerability is due to an improper boundary check condition in the application. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the server process, via a crafted HTTP request.

Affected Products

Smart Software Solutions CoDeSys Control for BeagleBone prior to V3.5.15.20
Smart Software Solutions CoDeSys Control for empPC-A/iMX6 prior to V3.5.15.20
Smart Software Solutions CoDeSys Control for IOT2000 prior to V3.5.15.20
Smart Software Solutions CoDeSys Control for PFC100 prior to V3.5.15.20
Smart Software Solutions CoDeSys Control for PFC200 prior to V3.5.15.20
Smart Software Solutions CoDeSys Control for PLCnext prior to V3.5.15.20
Smart Software Solutions CoDeSys Control for Raspberry Pi prior to V3.5.15.20
Smart Software Solutions CoDeSys Control RTE V3 prior to V3.5.15.20
Smart Software Solutions CoDeSys Control RTE V3 (for Beckhoff CX) prior to V3.5.15.20
Smart Software Solutions CoDeSys Control V3 Runtime System Tookit prior to V3.5.15.20
Smart Software Solutions CoDeSys Control Win V3 (also part of the CODESYS Development System Setup) prior to V3.5.15.20
Smart Software Solutions CoDeSys HMI V3 prior to V3.5.15.20
Smart Software Solutions CoDeSys V3 Embedded Target Visu Toolkit prior to V3.5.15.20
Smart Software Solutions CoDeSys V3 Remote Target Visu Toolkit prior to V3.5.15.20

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-10_CDS-68341.pdf

CVE References

CVE-2019-18858