CVE-2022-22519

🗓️ 07 Apr 2022 18:21:23Reported by CERTVDEType

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2022-22519	6 Apr 202210:00	–	attackerkb
Circl	CVE-2022-22519	7 Apr 202222:36	–	circl
CNNVD	3S-Smart Software Solutions CODESYS Control 缓冲区错误漏洞	7 Apr 202200:00	–	cnnvd
Cvelist	CVE-2022-22519 Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.	7 Apr 202218:21	–	cvelist
EUVD	EUVD-2022-27665	3 Oct 202520:07	–	euvd
NVD	CVE-2022-22519	7 Apr 202219:15	–	nvd
OSV	CVE-2022-22519	7 Apr 202219:15	–	osv
Prion	Design/Logic Flaw	7 Apr 202219:15	–	prion

NVD

Vulners

Node

codesys control_for_beaglebone_slRange<4.5.0.0

codesys control_for_beckhoff_cx9020Range<4.5.0.0

codesys control_for_empc-a/imx6_slRange<4.5.0.0

codesys control_for_iot2000_slRange<4.5.0.0

codesys control_for_linux_slRange<4.5.0.0

codesys control_for_pfc100_slRange<4.5.0.0

codesys control_for_pfc200_slRange<4.5.0.0

codesys control_for_plcnext_slRange<4.5.0.0

codesys control_for_raspberry_pi_slRange<4.5.0.0

codesys control_for_wago_touch_panels_600_slRange<4.5.0.0

codesys control_rte_slRange<3.5.18.0

codesys control_rte_sl_(for_beckhoff_cx)Range<3.5.18.0

codesys control_runtime_system_toolkitRange<3.5.18.0

codesys control_win_slRange<3.5.18.0

codesys development_systemRange<3.5.18.0

codesys embedded_target_visu_toolkitRange<3.5.18.0

codesys hmi_slRange<3.5.18.0

codesys remote_target_visu_toolkitRange<3.5.18.0

[
  {
    "product": "CODESYS Control RTE (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control RTE (for Beckhoff CX) SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Win (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS HMI (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Embedded Target Visu Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Remote Target Visu Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Beckhoff CX9020 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
customers	www.customers.codesys.com/index.php

17 Jun 2026 04:28Current

7.8High risk

Vulners AI Score7.8

CVSS 25

CVSS 3.17.5

EPSS0.01326