cvelistv5 - cve-2017-6027

CVE-2017-6027 (GCVE-0-2017-6027)

Vulnerability from cvelistv5 – Published: 2017-05-19 02:43 – Updated: 2024-08-05 15:18

Summary

Severity ?

No CVSS data available.

CWE

CWE-434

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	3S-Smart Software Solutions GmbH CODESYS Web Server	Affected: 3S-Smart Software Solutions GmbH CODESYS Web Server

CNVD-2017-05022

Vulnerability from cnvd - Published: 2017-04-22

Title

CoDeSys Web服务器任意文件上传漏洞

Description

3S-Smart Software Solutions CODESYS是德国3S-Smart Software Solutions公司的一套PLC（可编程控制器）软件编程工具。CODESYS Web Server是其中的一个web服务器。 CODESYS Web Server 2.3及之前的版本中存在安全漏洞。攻击者可利用该漏洞上传任意文件，执行任意代码。

Severity

高

Patch Name

CoDeSys Web服务器任意文件上传漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://store.codesys.com/codesys-23.html#Produktbeschreibung

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02

Impacted products

Name
3S-Smart Software Solutions CODESYS Gateway Server <=2.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6027"
    }
  },
  "description": "3S-Smart Software Solutions CODESYS\u662f\u5fb7\u56fd3S-Smart Software Solutions\u516c\u53f8\u7684\u4e00\u5957PLC\uff08\u53ef\u7f16\u7a0b\u63a7\u5236\u5668\uff09\u8f6f\u4ef6\u7f16\u7a0b\u5de5\u5177\u3002CODESYS Web Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aweb\u670d\u52a1\u5668\u3002\r\n\r\nCODESYS Web Server 2.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "David Atch of CyberX",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://store.codesys.com/codesys-23.html#Produktbeschreibung",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05022",
  "openTime": "2017-04-22",
  "patchDescription": "3S-Smart Software Solutions CODESYS\u662f\u5fb7\u56fd3S-Smart Software Solutions\u516c\u53f8\u7684\u4e00\u5957PLC\uff08\u53ef\u7f16\u7a0b\u63a7\u5236\u5668\uff09\u8f6f\u4ef6\u7f16\u7a0b\u5de5\u5177\u3002CODESYS Web Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aweb\u670d\u52a1\u5668\u3002\r\n\r\nCODESYS Web Server 2.3\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "CoDeSys Web\u670d\u52a1\u5668\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "3S-Smart Software Solutions CODESYS Gateway Server \u003c=2.3"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-17",
  "title": "CoDeSys Web\u670d\u52a1\u5668\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

ICSA-17-087-02

Vulnerability from csaf_cisa - Published: 2017-03-28 00:00 - Updated: 2017-03-28 00:00

Summary

3S-Smart Software Solutions GmbH CODESYS Web Server

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Countries/areas deployed

Worldwide

Company headquarters location

Kempten, Germany

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "David Atch"
        ],
        "organization": "CyberX",
        "summary": "discovering the vulnerabilities and testing the patch"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Kempten, Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-087-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-087-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-087-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-087-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-087-02"
      }
    ],
    "title": "3S-Smart Software Solutions GmbH CODESYS Web Server",
    "tracking": {
      "current_release_date": "2017-03-28T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-087-02",
      "initial_release_date": "2017-03-28T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-28T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-087-02 3S-Smart Software Solutions GmbH CODESYS Web Server"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 2.3",
                "product": {
                  "name": "CODESYS Web Server: Versions 2.3 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CODESYS Web Server"
          }
        ],
        "category": "vendor",
        "name": "3S-Smart Software Solutions GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6027",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted web server request may allow the upload of arbitrary files to the CODESYS Web Server without authorization which may allow remote code execution.CVE-2017-6027 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6027"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "3S-Smart Software Solutions GmbH recommends that device manufacturers who program their devices with CODESYS refer to the device directory to determine if they may be affected. The device directory can be found at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://devices.codesys.com/device-directory.html"
        },
        {
          "category": "mitigation",
          "details": "3S-Smart Software Solutions GmbH recommends that users register for an account and download patch V.1.1.9.18 from the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://store.codesys.com/codesys-23.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-6025",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.CVE-2017-6025 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6025"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "3S-Smart Software Solutions GmbH recommends that device manufacturers who program their devices with CODESYS refer to the device directory to determine if they may be affected. The device directory can be found at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://devices.codesys.com/device-directory.html"
        },
        {
          "category": "mitigation",
          "details": "3S-Smart Software Solutions GmbH recommends that users register for an account and download patch V.1.1.9.18 from the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://store.codesys.com/codesys-23.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-201705-3539

Vulnerability from variot - Updated: 2023-12-18 12:19

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. 3S-Smart Software Solutions GmbH CODESYS Web Server Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS is a PLC (programmable controller) software programming tool from 3S-Smart Software Solutions, Germany. An attacker could exploit this vulnerability to upload arbitrary files and execute arbitrary code

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3539",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "2.3"
      },
      {
        "model": "codesys webserver",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "3s smart",
        "version": "2.3"
      },
      {
        "model": "software solutions codesys gateway server",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "3s smart",
        "version": "\u003c=2.3"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "codesys",
        "version": "2.3"
      },
      {
        "model": "codesys web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "3s smart",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "web server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "BID",
        "id": "97174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Atch of CyberX",
    "sources": [
      {
        "db": "BID",
        "id": "97174"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6027",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6027",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05022",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6027",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6027",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05022",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-585",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. 3S-Smart Software Solutions GmbH CODESYS Web Server Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 3S-Smart Software Solutions CODESYS is a PLC (programmable controller) software programming tool from 3S-Smart Software Solutions, Germany. An attacker could exploit this vulnerability to upload arbitrary files and execute arbitrary code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "BID",
        "id": "97174"
      },
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6027",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-087-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "97174",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "AFB12D64-2BD5-492D-9178-D8C5D02210AC",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "BID",
        "id": "97174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "id": "VAR-201705-3539",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:46.548000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CODESYS",
        "trust": 0.8,
        "url": "https://www.codesys.com/"
      },
      {
        "title": "CoDeSys Web Server Patch for Any File Upload Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/92345"
      },
      {
        "title": "3S-Smart Software Solutions GmbH CODESYS Web Server Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99642"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-087-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/97174"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6027"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6027"
      },
      {
        "trust": 0.3,
        "url": "https://www.codesys.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "BID",
        "id": "97174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "db": "BID",
        "id": "97174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "BID",
        "id": "97174"
      },
      {
        "date": "2017-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "date": "2017-05-19T03:29:00.497000",
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      },
      {
        "date": "2017-03-28T00:00:00",
        "db": "BID",
        "id": "97174"
      },
      {
        "date": "2017-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004194"
      },
      {
        "date": "2019-10-09T23:28:35.230000",
        "db": "NVD",
        "id": "CVE-2017-6027"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CoDeSys Web Server arbitrary file upload vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05022"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "afb12d64-2bd5-492d-9178-d8c5d02210ac"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-585"
      }
    ],
    "trust": 0.8
  }
}

GSD-2017-6027

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6027

Aliases

CVE-2017-6027

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6027",
    "description": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.",
    "id": "GSD-2017-6027"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6027"
      ],
      "details": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.",
      "id": "GSD-2017-6027",
      "modified": "2023-12-13T01:21:09.754777Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6027",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "3S-Smart Software Solutions GmbH CODESYS Web Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "3S-Smart Software Solutions GmbH CODESYS Web Server"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-434"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "97174",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97174"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6027"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-434"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02"
            },
            {
              "name": "97174",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97174"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:28Z",
      "publishedDate": "2017-05-19T03:29Z"
    }
  }
}

FKIE_CVE-2017-6027

Vulnerability from fkie_nvd - Published: 2017-05-19 03:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/97174	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97174	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	codesys	web_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC6A882-06F9-4AD6-B2B9-D6C1A14301F4",
              "versionEndIncluding": "2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de carga arbitraria de archivos en el Servidor Web de 3S-Smart Software Solutions GmbH CODESYS. Las siguientes versiones del Servidor Web de CODESYS, parte del programa de visualizaci\u00f3n del navegador web WebVisu de CODESYS, est\u00e1n afectadas: el Servidor Web de CODESYS versiones 2.3 y anteriores. Una petici\u00f3n de servidor web especialmente dise\u00f1ada puede permitir la carga de archivos arbitrarios (con un tipo dangerous) hacia el Servidor Web de CODESYS sin autorizaci\u00f3n, lo que puede permitir la ejecuci\u00f3n de c\u00f3digo remota."
    }
  ],
  "id": "CVE-2017-6027",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-19T03:29:00.497",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97174"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R8QW-6XXQ-MJRP

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6027"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-19T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.",
  "id": "GHSA-r8qw-6xxq-mjrp",
  "modified": "2022-05-13T01:36:36Z",
  "published": "2022-05-13T01:36:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6027"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97174"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6027 (GCVE-0-2017-6027)

CNVD-2017-05022

ICSA-17-087-02

VAR-201705-3539

GSD-2017-6027

FKIE_CVE-2017-6027

GHSA-R8QW-6XXQ-MJRP

Tags

Sightings

Nomenclature