3S-Smart Software Solutions GmbH CODESYS Web Server Upload Restricted File and Buffer Overflow Exploit

A specially crafted web server request may allow the upload of arbitrary files to the CODESYS Web Server without authorization, which may allow remote code execution. A malicious user could overflow a buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.
Exploit type: 
Platform: 
Vulnerability ID: CVE-2017-6027
Product Version: 2017_R1
Released Date: Wednesday, April 5, 2017 - 00:00