Aggregates CVE and security vulnerability intelligence across all 3ssoftware-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk denial of service, and vendor risk integer handling and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2011-5058 | The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | [email protected] | 6.4 | 1.25% | 2012-01-10 | 2026-04-29 |
| CVE-2011-5009 | The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method. | [email protected] | 5.0 | 24.63% | 2011-12-25 | 2026-04-29 |
| CVE-2011-5008 | Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow. | [email protected] | 7.5 | 9.30% | 2011-12-25 | 2026-04-29 |
| CVE-2011-5007 | Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080. | [email protected] | 10.0 | 81.88% | 2011-12-25 | 2026-04-29 |