Vulnerability in 3ssoftware Codesys

CVE-2011-5058

The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GE…

EPSS: 0.012 (79.7th percentile) — read the EPSS interpretation.

Affected products

3ssoftware Codesys — versions 3.4
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

codesys-cmbwebserver-dir-traversal(72339) (vdb-entry, x_refsource_XF)
cve@mitre.org (US Government Resource, x_refsource_MISC)
47018 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)