The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote malicious users to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
3ssoftware codesys 3.4 |