CVE-2011-5009

Name of the Vulnerable Software and Affected Versions 3S CoDeSys version 3.4 SP4 Patch 2

Description The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, by exploiting the CmpWebServer.dll module in the Control service. This can be achieved through either a crafted Content-Length in an HTTP POST or an invalid HTTP request method.

Recommendations For version 3.4 SP4 Patch 2, consider restricting access to the CmpWebServer.dll module until a patch is available. As a temporary workaround, avoid using invalid HTTP request methods and ensure all HTTP POST requests have a valid Content-Length to minimize the risk of exploitation.