Vulnerabilites related to CODESYS - CODESYS Gateway
cve-2022-22514
Vulnerability from cvelistv5
Published
2022-04-07 18:21
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822: Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T05:55:11",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22514",
"STATE": "PUBLIC",
"TITLE": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822: Untrusted Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22514",
"datePublished": "2022-04-07T18:21:14.309072Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:03:50.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22517
Vulnerability from cvelistv5
Published
2022-04-07 18:21
Modified
2024-09-16 22:16
Severity ?
EPSS score ?
Summary
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3.5.18.0 < V3.5.18.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-334",
"description": "CWE-334 Small Space of Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:21:19",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22517",
"STATE": "PUBLIC",
"TITLE": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-334 Small Space of Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22517",
"datePublished": "2022-04-07T18:21:20.091353Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:16:04.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22513
Vulnerability from cvelistv5
Published
2022-04-07 18:21
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3.5.18.0 < V3.5.18.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.0",
"status": "affected",
"version": "V3.5.18.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T05:55:10",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
"ID": "CVE-2022-22513",
"STATE": "PUBLIC",
"TITLE": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3.5.18.0",
"version_value": "V3.5.18.0"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V4.5.0.0",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
"refsource": "MISC",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22513",
"datePublished": "2022-04-07T18:21:12.792321Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:29:14.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30791
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31805
Vulnerability from cvelistv5
Published
2022-06-24 07:46
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Development System |
Version: V2 < V2.3.9.69 Version: V3 < V3.5.18.30 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.69",
"status": "affected",
"version": "V2",
"versionType": "custom"
},
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Client",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Web server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V1.1.9.23",
"status": "affected",
"version": "V1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS SP Realtime NT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.7.30",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
}
],
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T12:54:39.506Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
},
"title": "Insecure transmission of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
"ID": "CVE-2022-31805",
"STATE": "PUBLIC",
"TITLE": "Insecure transmission of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Development System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.69"
},
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Gateway Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Web server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V1",
"version_value": "V1.1.9.23"
}
]
}
},
{
"product_name": "CODESYS SP Realtime NT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.7.30"
}
]
}
},
{
"product_name": "CODESYS PLCWinNT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Runtime Toolkit 32 bit full",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523 Unprotected Transport of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31805",
"datePublished": "2022-06-24T07:46:15.076016Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T18:55:26.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30792
Vulnerability from cvelistv5
Published
2022-07-11 10:40
Modified
2024-09-16 23:05
Severity ?
EPSS score ?
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V3 < V3.5.18.20 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-47391
Vulnerability from cvelistv5
Published
2023-05-15 09:59
Modified
2025-01-23 19:19
Severity ?
EPSS score ?
Summary
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | CODESYS | CODESYS Control RTE (SL) |
Version: V0.0.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:07.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17555\u0026token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da\u0026download="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T19:18:44.576335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T19:19:22.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Safety SIL2 Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Safety SIL2 PSP",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"CmpDevice"
],
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.8.0.0",
"status": "affected",
"version": "V0.0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Vladimir Tokarev, Microsoft"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."
}
],
"value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T09:59:52.803Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17555\u0026token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da\u0026download="
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CODESYS: Multiple products prone to Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-47391",
"datePublished": "2023-05-15T09:59:52.803Z",
"dateReserved": "2022-12-14T06:03:27.265Z",
"dateUpdated": "2025-01-23T19:19:22.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}