CVE-2022-22518 A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy.

🗓️ 07 Apr 2022 18:21:21Reported by CERTVDEType

A bug in CODESYS V3 CmpUserMgr component fails to apply security policies correctly, leading to partial application and enabling anonymous acces

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2022-22518	6 Apr 202210:00	–	attackerkb
Circl	CVE-2022-22518	7 Apr 202222:36	–	circl
CNNVD	Schneider Electric CmpUserMgr 安全漏洞	7 Apr 202200:00	–	cnnvd
CVE	CVE-2022-22518	7 Apr 202218:21	–	cve
EUVD	EUVD-2022-27664	3 Oct 202520:07	–	euvd
NVD	CVE-2022-22518	7 Apr 202219:15	–	nvd
OSV	CVE-2022-22518	7 Apr 202219:15	–	osv
Prion	Code injection	7 Apr 202219:15	–	prion

[
  {
    "product": "CODESYS Control for BeagleBone SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Beckhoff CX9020 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V4.5.0.0",
        "status": "affected",
        "version": "V4.5.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Control Runtime System Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V3.5.18.0",
        "status": "affected",
        "version": "V3.5.18.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
customers	www.customers.codesys.com/index.php

12 May 2022 07:45Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.5

EPSS0.00586

CWE-276