Lucene search
K
CodesysControl For Beckhoff Cx9020

6 matches found

CVE
CVE
added 2022/04/07 6:21 p.m.138 views

CVE-2022-22519

The CVE-2022-22519 entry describes a remote, unauthenticated attacker able to send crafted HTTP/HTTPS requests that trigger a buffer over-read, crashing the CODESYS Control runtime system webserver. This affects the CODESYS Control runtime/webserver and related components; CVSSv3.1 base score 7.5...

7.5CVSS7.8AI score0.01404EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.102 views

CVE-2022-22515

CVE-2022-22515 affects the CODESYS Control runtime system. A remote, authenticated attacker could use the control program to read and modify the affected product’s configuration files. The available documents describe the impact (unauthorized read/write of config files) and the attack path but do...

8.1CVSS7.9AI score0.01066EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.101 views

CVE-2022-22514

CVE-2022-22514 is a CODESYS vulnerability where an authenticated, remote attacker can access a dereferenced pointer in a request, enabling local memory overwrite in CmpTraceMgr and potentially causing a crash. The primary description notes lack of read/write control over values and potential cras...

7.1CVSS6.9AI score0.00858EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.90 views

CVE-2022-22517

CVE-2022-22517 describes a remote, unauthenticated attack against CODESYS communication components: an attacker can guess a valid channel ID and inject packets, causing an existing communication channel to be disrupted/closed. The CVSS data from NVD (3.1) assigns a high base impact (availability ...

7.5CVSS7.5AI score0.0127EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.89 views

CVE-2022-22513

CVE-2022-22513 affects CODESYS products; an authenticated remote attacker can trigger a null pointer dereference in the CmpSettings component, causing a crash. The available connected documents describe the vulnerability class and impact (crash) but do not publish concrete affected versions or a ...

6.5CVSS6.4AI score0.00999EPSS
CVE
CVE
added 2022/04/07 6:21 p.m.80 views

CVE-2022-22518

CVE-2022-22518 describes a bug in the Schneider Electric CmpUserMgr component (as used in CODESYS V3) where a security policy is not fully applied. The underlying cause is an error in CmpUserMgr that can allow enabled, anonymous access to components that are part of the applied security policy. T...

6.5CVSS6.4AI score0.00586EPSS