6 matches found
CVE-2022-47380
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution...
Rockwell Automation LP30/40/50 and BM40 Operator Interface
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : LP30, LP40, LP50, and BM40 Operator Panels Vulnerability : Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow,...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47380)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC20...
16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit SDK that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology OT environments. The flaws, tracked from CVE-2022-47378...
CVE-2022-47380
CVE-2022-47380 describes a stack-based out-of-bounds write in CMPapp (and related CMP components) within CODESYS V3 across multiple versions. After authentication, crafted requests can write to stack memory, enabling denial-of-service, memory overwriting, or remote code execution. Connected sourc...
CVE-2022-47380 CODESYS: Multiple products prone to out-of-bounds write
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution...