CVE-2022-4224 CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3

🗓️ 23 Mar 2023 11:15:37Reported by CERTVDEType

Exposure of Resource to Wrong Sphere in CODESYS V

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-4224	23 Mar 202312:15	–	attackerkb
BDU FSTEC	The vulnerability of the Codesys industrial automation software suite, related to the disclosure of information in the erroneous data area, allows a intruder to gain unauthorized access or cause service failures.	24 May 202300:00	–	bdu_fstec
Circl	CVE-2022-4224	23 Mar 202315:51	–	circl
CNNVD	3s-smart Software Solutions CODESYS 安全漏洞	23 Mar 202300:00	–	cnnvd
CVE	CVE-2022-4224	23 Mar 202311:15	–	cve
EUVD	EUVD-2022-51583	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Schneider Electric Modicon components	12 Apr 202300:00	–	ncsc
NVD	CVE-2022-4224	23 Mar 202312:15	–	nvd
Prion	Code injection	23 Mar 202312:15	–	prion
Positive Technologies	PT-2023-2838 · 3S Smart Software Solutions · Codesys	23 Mar 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "Control RTE (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control RTE (for Beckhoff CX) SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control Win (SL)",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Runtime Toolkit ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Safety SIL2 Runtime Toolkit",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Safety SIL2 PSP",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "HMI (SL) ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Development System V3",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "3.5.19.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Control for BeagleBone SL ",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for emPC-A/iMX6 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for IOT2000 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for Linux SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Control for PFC100 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " Control for PFC200 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for PLCnext SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for Raspberry Pi SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Control for WAGO Touch Panels 600 SL",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "4.8.0.0",
        "status": "affected",
        "version": "3.0.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
customers	www.customers.codesys.com/index.php

09 Aug 2023 10:47Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.8

EPSS0.01126

CWE-1188