"CODESYS.V3.Web.Server.Unauthenticated.Heap.Buffer.Overflow"
攻击漏洞描述
这表明攻击企图利用 Smart Software Solutions CoDeSys V3 Remote Target Visu Toolkit 中的缓冲区溢出漏洞。该漏洞是由于应用程序中的边界检查条件不正确造成的。未经身份验证的远程攻击者可以利用此漏洞通过精心设计的 HTTP 请求在服务器进程的上下文中执行任意代码。
影响范围
Smart Software Solutions CoDeSys Control for BeagleBone prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for empPC-A/iMX6 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for IOT2000 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for PFC100 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for PFC200 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for PLCnext prior to V3.5.15.40
Smart Software Solutions CoDeSys Control for Raspberry Pi prior to V3.5.15.40
Smart Software Solutions CoDeSys Control RTE V3 prior to V3.5.15.40
Smart Software Solutions CoDeSys Control RTE V3 (for Beckhoff CX) prior to V3.5.15.40
Smart Software Solutions CoDeSys Control V3 Runtime System Tookit prior to V3.5.15.40
Smart Software Solutions CoDeSys Control Win V3 (also part of the CODESYS Development System Setup) prior to V3.5.15.40
Smart Software Solutions CoDeSys HMI V3 prior to V3.5.15.40
Smart Software Solutions CoDeSys V3 Embedded Target Visu Toolkit prior to V3.5.15.40
Smart Software Solutions CoDeSys V3 Remote Target Visu Toolkit prior to V3.5.15.40
可能带来的后果
系统被入侵:远程攻击者可以控制易受攻击的系统。
解决办法
应用供应商提供的最新升级或补丁。 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download=