SynopsisA 3S CODESYS V3 environment on the remote host is affected by a remote code execution vulnerability
DescriptionA heap-based buffer overflow condition exists in CmpWebServerHandlerV3 due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a series of specially crafted messages, to cause a denial of service condition or the execution of arbitrary code.
Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade 3S CODESYS V3 runtime to version 126.96.36.199 or higher.