Vulnerability Description
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Web Server | <= 2.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97174Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/97174Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-6027?
CVE-2017-6027 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizatio...
How severe is CVE-2017-6027?
CVE-2017-6027 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-6027?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Web Server.