PT-2012-2036 · 3S · 3S Codesys

Luigi Auriemma

Published: 2012-01-10

Updated: 2017-08-29

CVE-2011-5058

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

3S CoDeSys version 3.4 SP4 Patch 2

Description

The issue allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using backslash characters in an HTTP GET request. This is due to a flaw in the CmbWebserver.dll module of the Control service.

Recommendations

For version 3.4 SP4 Patch 2, consider restricting access to the CmbWebserver.dll module until a patch is available. As a temporary workaround, avoid using backslash characters in HTTP GET requests to minimize the risk of exploitation.

Related Identifiers

CVE-2011-5058

Affected Products

3S Codesys