Lucene search

[email protected]CVE-2022-4224

HistoryMar 23, 2023 - 12:15 p.m.

CVE-2022-4224

2023-03-2312:15:12

CWE-1188

[email protected]

web.nvd.nist.gov

cve-2022-4224

codesys v3

vulnerability

file read

file write

dos

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_slRange3.0–4.8.0.0

codesyscontrol_for_empc-a\/imx6_slRange3.0–4.8.0.0

codesyscontrol_for_iot2000_slRange3.0–4.8.0.0

codesyscontrol_for_linux_slRange3.0–4.8.0.0

codesyscontrol_for_pfc100_slRange3.0–4.8.0.0

codesyscontrol_for_pfc200_slRange3.0–4.8.0.0

codesyscontrol_for_plcnext_slRange3.0–4.8.0.0

codesyscontrol_for_raspberry_pi_slRange3.0–4.8.0.0

codesyscontrol_for_wago_touch_panels_600_slRange3.0–4.8.0.0

codesyscontrol_rte_slRange3.0–3.5.19.0

codesyscontrol_rte_sl_\(for_beckhoff_cx\)Range3.0–3.5.19.0

codesyscontrol_win_slRange3.0–3.5.19.0

codesysdevelopment_systemRange3.0–3.5.19.0

codesyshmi_slRange3.0–3.5.19.0

codesysruntime_toolkitRange3.0–3.5.19.0

codesyssafety_sil2Range3.0–3.5.19.0

CPENameOperatorVersion
codesys:control_for_beaglebone_slcodesys control for beaglebone sllt4.8.0.0
codesys:control_for_empc-a\/imx6_slcodesys control for empc-a/imx6 sllt4.8.0.0
codesys:control_for_iot2000_slcodesys control for iot2000 sllt4.8.0.0
codesys:control_for_linux_slcodesys control for linux sllt4.8.0.0
codesys:control_for_pfc100_slcodesys control for pfc100 sllt4.8.0.0
codesys:control_for_pfc200_slcodesys control for pfc200 sllt4.8.0.0
codesys:control_for_plcnext_slcodesys control for plcnext sllt4.8.0.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt4.8.0.0
codesys:control_for_wago_touch_panels_600_slcodesys control for wago touch panels 600 sllt4.8.0.0
codesys:control_rte_slcodesys control rte sllt3.5.19.0

CPE	Name	Operator	Version
codesys:control_for_beaglebone_sl	codesys control for beaglebone sl	lt	4.8.0.0
codesys:control_for_empc-a\/imx6_sl	codesys control for empc-a/imx6 sl	lt	4.8.0.0
codesys:control_for_iot2000_sl	codesys control for iot2000 sl	lt	4.8.0.0
codesys:control_for_linux_sl	codesys control for linux sl	lt	4.8.0.0
codesys:control_for_pfc100_sl	codesys control for pfc100 sl	lt	4.8.0.0
codesys:control_for_pfc200_sl	codesys control for pfc200 sl	lt	4.8.0.0
codesys:control_for_plcnext_sl	codesys control for plcnext sl	lt	4.8.0.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	4.8.0.0
codesys:control_for_wago_touch_panels_600_sl	codesys control for wago touch panels 600 sl	lt	4.8.0.0
codesys:control_rte_sl	codesys control rte sl	lt	3.5.19.0

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Control RTE (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control RTE (for Beckhoff CX) SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control Win (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Runtime Toolkit ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Safety SIL2 Runtime Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Safety SIL2 PSP",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "HMI (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Development System V3",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Control for BeagleBone SL ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download=

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for CVE-2022-4224

prion1 nvd1 cvelist1