CVE-2017-6025: Buffer Overflow
First published: Fri May 19 2017(Updated: )
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CODESYS Web Server | <=2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6025?
CVE-2017-6025 has a high severity rating due to its potential to allow remote code execution via stack buffer overflow.
How do I fix CVE-2017-6025?
To fix CVE-2017-6025, you should upgrade to a version of CODESYS Web Server that is later than 2.3.
What software is affected by CVE-2017-6025?
CVE-2017-6025 affects all versions of CODESYS Web Server 2.3 and prior.
What kind of attack does CVE-2017-6025 enable?
CVE-2017-6025 allows a malicious user to perform a stack buffer overflow attack on the CODESYS Web Server.
Is there any workaround for CVE-2017-6025?
There are no known workarounds for CVE-2017-6025; the best course of action is to upgrade the affected software.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/codesys
- canonical/codesys web server
- version/codesys web server/2.3