7 matches found
CVE-2022-47379
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution...
Rockwell Automation LP30/40/50 and BM40 Operator Interface
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : LP30, LP40, LP50, and BM40 Operator Panels Vulnerability : Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow,...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Out-of-Bounds Write (CVE-2022-47379)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC20...
16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit SDK that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology OT environments. The flaws, tracked from CVE-2022-47378...
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS
Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit SDK, a software development environment widely used to program and engineer programmable logic controllers PLCs. Exploitation of the discovered...
CVE-2022-47379 CODESYS: Multiple products prone to out-of-bounds write
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution...
CVE-2022-47379
CVE-2022-47379 is a stack-based/out-of-bounds write vulnerability in the CMPapp component across multiple CODESYS V3 products. After authentication, crafted requests can write data to memory, potentially causing denial-of-service, memory overwriting, or remote code execution. Public sources note ...