Lucene search

[email protected]CVE-2022-22518

HistoryApr 07, 2022 - 7:15 p.m.

CVE-2022-22518

2022-04-0719:15:08

CWE-276

[email protected]

web.nvd.nist.gov

cve-2022-22518

cmpusermgr

security

bug

policies

anonymous access

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.4%

JSON

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_beckhoff_cx9020Range4.4.0.0–4.5.0.0

codesyscontrol_for_empc-a\/imx6_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_iot2000_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_linux_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_pfc100_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_pfc200_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_raspberry_pi_slRange4.4.0.0–4.5.0.0

codesyscontrol_for_wago_touch_panels_600_slRange4.4.0.0–4.5.0.0

codesyscontrol_runtime_system_toolkitRange3.5.17.0–3.5.18.0

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt4.5.0.0
codesys:control_for_beckhoff_cx9020codesys control for beckhoff cx9020lt4.5.0.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a/imx6 sllt4.5.0.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt4.5.0.0
codesys:control_for_linux_slcodesys control for linux sllt4.5.0.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt4.5.0.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt4.5.0.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt4.5.0.0
codesys:control_for_wago_touch_panels_600_slcodesys control for wago touch panels 600 sllt4.5.0.0
codesys:control_runtime_system_toolkitcodesys control runtime system toolkitlt3.5.18.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	4.5.0.0
codesys:control_for_beckhoff_cx9020	codesys control for beckhoff cx9020	lt	4.5.0.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a/imx6 sl	lt	4.5.0.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	4.5.0.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	4.5.0.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	4.5.0.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	4.5.0.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	4.5.0.0
codesys:control_for_wago_touch_panels_600_sl	codesys control for wago touch panels 600 sl	lt	4.5.0.0
codesys:control_runtime_system_toolkit	codesys control runtime system toolkit	lt	3.5.18.0

CNA Affected

[
  {
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Beckhoff CX9020 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  }
]

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download=

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.4%

JSON

Related for CVE-2022-22518

cvelist1 nvd1 prion1