Lucene search

CERTVDECVELIST:CVE-2022-31804

HistoryJun 24, 2022 - 7:46 a.m.

CVE-2022-31804 CODESYS Gateway server prone to denial of service attack due to excessive memory allocation

2022-06-2407:46:13

CWE-789

CERTVDE

www.cve.org

codesys

gateway

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.4%

JSON

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.

CNA Affected

[
  {
    "product": "CODESYS Gateway Server V2",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V2.3.9.38",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.4%

JSON

Related for CVELIST:CVE-2022-31804