Lucene search

CERTVDECVELIST:CVE-2022-32139

HistoryJun 24, 2022 - 7:46 a.m.

CVE-2022-32139 CODESYS runtime system prone to denial of service due to out of bounds read

2022-06-2407:46:23

CWE-125

CERTVDE

www.cve.org

codesys

denial of service

out of bounds read

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.1%

JSON

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.

CNA Affected

[
  {
    "platforms": [
      "32 bit"
    ],
    "product": "Runtime Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V2.4.7.57",
        "status": "affected",
        "version": "V2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "PLCWinNT",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V2.4.7.57",
        "status": "affected",
        "version": "V2",
        "versionType": "custom"
      }
    ]
  }
]

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.1%

JSON

Related for CVELIST:CVE-2022-32139