Lucene search

[email protected]CVE-2022-47379

HistoryMay 15, 2023 - 10:15 a.m.

CVE-2022-47379

2023-05-1510:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-47379

codesys

out-of-bounds write

vulnerability

dos

memory overwriting

remote code execution

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.9%

JSON

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

CPENameOperatorVersion
codesys:safety_sil2_runtime_toolkitcodesys safety sil2 runtime toolkitlt4.8.0.0
codesys:safety_sil2_pspcodesys safety sil2 psplt4.8.0.0
codesys:hmi_\(sl\)codesys hmi \(sl\)lt4.8.0.0
codesys:development_system_v3codesys development system v3lt4.8.0.0
codesys:control_win_\(sl\)codesys control win \(sl\)lt4.8.0.0
codesys:control_runtime_system_toolkitcodesys control runtime system toolkitlt4.8.0.0
codesys:control_rte_\(sl\)codesys control rte \(sl\)lt4.8.0.0
codesys:control_rte_\(for_beckhoff_cx\)_slcodesys control rte \(for beckhoff cx\) sllt4.8.0.0
codesys:control_for_wago_touch_panels_600_slcodesys control for wago touch panels 600 sllt3.5.19.0
codesys:control_for_raspberry_pi_slcodesys control for raspberry pi sllt3.5.19.0

CPE	Name	Operator	Version
codesys:safety_sil2_runtime_toolkit	codesys safety sil2 runtime toolkit	lt	4.8.0.0
codesys:safety_sil2_psp	codesys safety sil2 psp	lt	4.8.0.0
codesys:hmi_\(sl\)	codesys hmi \(sl\)	lt	4.8.0.0
codesys:development_system_v3	codesys development system v3	lt	4.8.0.0
codesys:control_win_\(sl\)	codesys control win \(sl\)	lt	4.8.0.0
codesys:control_runtime_system_toolkit	codesys control runtime system toolkit	lt	4.8.0.0
codesys:control_rte_\(sl\)	codesys control rte \(sl\)	lt	4.8.0.0
codesys:control_rte_\(for_beckhoff_cx\)_sl	codesys control rte \(for beckhoff cx\) sl	lt	4.8.0.0
codesys:control_for_wago_touch_panels_600_sl	codesys control for wago touch panels 600 sl	lt	3.5.19.0
codesys:control_for_raspberry_pi_sl	codesys control for raspberry pi sl	lt	3.5.19.0

Rows per page:

1-10 of 171

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for CVE-2022-47379

prion1 nessus1 ics1 thn1 mssecure1 mmpc1