Lucene search

[email protected]CVE-2022-22513

HistoryApr 07, 2022 - 7:15 p.m.

CVE-2022-22513

2022-04-0719:15:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2022-22513

authenticated

remote attacker

null pointer dereference

cmpsettings

codesys

crash

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.9%

JSON

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt4.5.0.0
codesys:control_for_beckhoff_cx9020codesys control for beckhoff cx9020lt4.5.0.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a\/imx6 sllt4.5.0.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt4.5.0.0
codesys:control_for_linux_slcodesys control for linux sllt4.5.0.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt4.5.0.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt4.5.0.0
codesys:control_for_plcnext_slcodesys control for plcnext sllt4.5.0.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt4.5.0.0
codesys:control_for_wago_touch_panels_600_slcodesys control for wago touch panels 600 sllt4.5.0.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	4.5.0.0
codesys:control_for_beckhoff_cx9020	codesys control for beckhoff cx9020	lt	4.5.0.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a\/imx6 sl	lt	4.5.0.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	4.5.0.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	4.5.0.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	4.5.0.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	4.5.0.0
codesys:control_for_plcnext_sl	codesys control for plcnext sl	lt	4.5.0.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	4.5.0.0
codesys:control_for_wago_touch_panels_600_sl	codesys control for wago touch panels 600 sl	lt	4.5.0.0

Rows per page:

1-10 of 211

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

49.9%

JSON

Related for CVE-2022-22513

prion1 cvelist1