CVE-2022-22515 A component of the CODESYS Control runtime system allows read and write access to configuration files

🗓️ 07 Apr 2022 18:21:16Reported by CERTVDEType

Component of CODESYS Control allows unauthorized file acces

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2022-22515	1 Jun 202210:00	–	attackerkb
Circl	CVE-2022-22515	7 Apr 202222:36	–	circl
CNNVD	3s-smart Software Solutions CODESYS Control 安全漏洞	7 Apr 202200:00	–	cnnvd
CVE	CVE-2022-22515	7 Apr 202218:21	–	cve
EUVD	EUVD-2022-27661	3 Oct 202520:07	–	euvd
NVD	CVE-2022-22515	7 Apr 202219:15	–	nvd
OSV	CVE-2022-22515	7 Apr 202219:15	–	osv
Prion	Design/Logic Flaw	7 Apr 202219:15	–	prion
Positive Technologies	PT-2022-15484 · 3S Smart Software Solutions · Codesys Control Runtime System	7 Apr 202200:00	–	ptsecurity
The Hacker News	3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS	30 Nov 202207:21	–	thn

[
  {
    "product": "CODESYS Control RTE (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control RTE (for Beckhoff CX) SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Win (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS HMI (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Development System V3",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Embedded Target Visu Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Remote Target Visu Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.17.40",
        "status": "affected",
        "version": "V3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Beckhoff CX9020 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
customers	www.customers.codesys.com/index.php

12 May 2022 07:45Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18.1

EPSS0.01031

CWE-668