Lucene search

K
cve[email protected]CVE-2022-22519
HistoryApr 07, 2022 - 7:15 p.m.

CVE-2022-22519

2022-04-0719:15:08
CWE-126
CWE-125
web.nvd.nist.gov
99
cve-2022-22519
remote
unauthenticated
buffer over-read
http
https
webserver
codesys control
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

69.7%

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Affected configurations

NVD
Node
codesyscontrol_for_beaglebone_slRange<4.5.0.0
OR
codesyscontrol_for_beckhoff_cx9020Range<4.5.0.0
OR
codesyscontrol_for_empc-a\/imx6_slRange<4.5.0.0
OR
codesyscontrol_for_iot2000_slRange<4.5.0.0
OR
codesyscontrol_for_linux_slRange<4.5.0.0
OR
codesyscontrol_for_pfc100_slRange<4.5.0.0
OR
codesyscontrol_for_pfc200_slRange<4.5.0.0
OR
codesyscontrol_for_plcnext_slRange<4.5.0.0
OR
codesyscontrol_for_raspberry_pi_slRange<4.5.0.0
OR
codesyscontrol_for_wago_touch_panels_600_slRange<4.5.0.0
OR
codesyscontrol_rte_slRange<3.5.18.0
OR
codesyscontrol_rte_sl_\(for_beckhoff_cx\)Range<3.5.18.0
OR
codesyscontrol_runtime_system_toolkitRange<3.5.18.0
OR
codesyscontrol_win_slRange<3.5.18.0
OR
codesysdevelopment_systemRange<3.5.18.0
OR
codesysembedded_target_visu_toolkitRange<3.5.18.0
OR
codesyshmi_slRange<3.5.18.0
OR
codesysremote_target_visu_toolkitRange<3.5.18.0

CNA Affected

[
  {
    "product": "CODESYS Control RTE (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control RTE (for Beckhoff CX) SL ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Win (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS HMI (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Embedded Target Visu Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Remote Target Visu Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Beckhoff CX9020 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  }
]

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

69.7%

Related for CVE-2022-22519