Vulnerability Description
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3S-Software | Codesys Runtime System | < 1.1.9.19 |
| 3S-Software | Codesys Web Server | 2.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102909Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/102909Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-032-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-5440?
CVE-2018-5440 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as par...
How severe is CVE-2018-5440?
CVE-2018-5440 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5440?
Check the references section above for vendor advisories and patch information. Affected products include: 3S-Software Codesys Runtime System, 3S-Software Codesys Web Server.