CRITICAL🇬🇧 English

CVE-2017-6027

CVSS 9.8v3.0pub. 2017-05-19upd. 2026-05-13

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codesys Web Server

    APP
    Codesys
    ≤ 2.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2017-6025CRITICAL9.8ten sam produkt

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The follo...

CVE-2022-31805HIGH7.5ten sam produkt

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the comm...

CVE-2022-31802CRITICAL9.8ten sam vendor

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been...

CVE-2022-31806CRITICAL9.8ten sam vendor

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enable...

CVE-2021-34584CRITICAL9.1ten sam vendor

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- s...

CVE-2017-6027 — CRITICAL 9.8 | CVEbaza.pl