Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for CODESYS Embedded Target Visu Toolkit by CODESYS

    CVE-2024-8175 (GCVE-0-2024-8175)

    Vulnerability from nvd – Published: 2024-09-25 08:04 – Updated: 2024-09-25 14:02
    VLAI
    Title
    CODESYS: web server vulnerable to DoS
    Summary
    An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control for BeagleBone SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (SL) Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    codesys runtime_toolkit Affected: 0 , < 4.14.0.0 (custom)
        cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys control_rte_\(for_beckhoff_cx\)_sl Affected: 0 , < 3.5.20.30 (custom)
        cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys virtual_control_sl Affected: 0 , < 4.14.0.0 (custom)
        cpe:2.3:a:codesys:virtual_control_sl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys runtime_toolkit Affected: 0 , < 3.5.20.30 (custom)
        cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    ABB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "runtime_toolkit",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "4.14.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "control_rte_\\(for_beckhoff_cx\\)_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:virtual_control_sl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "virtual_control_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "4.14.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "runtime_toolkit",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T13:44:03.391474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T14:02:28.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can\u0026nbsp;causes the CODESYS web server to access invalid memory which results in a DoS."
                }
              ],
              "value": "An unauthenticated remote attacker can\u00a0causes the CODESYS web server to access invalid memory which results in a DoS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T13:33:10.408Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-057"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18604\u0026token=d5e1e2820ee63077b875b3bb41014b1f102e88a3\u0026download="
            }
          ],
          "source": {
            "advisory": "VDE-2024-057",
            "defect": [
              "CERT@VDE#641681"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS: web server vulnerable to DoS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-8175",
        "datePublished": "2024-09-25T08:04:23.196Z",
        "dateReserved": "2024-08-26T09:58:34.794Z",
        "dateUpdated": "2024-09-25T14:02:28.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30792 (GCVE-0-2022-30792)

    Vulnerability from nvd – Published: 2022-07-11 10:40 – Updated: 2024-09-16 23:05
    VLAI
    Title
    CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
    Summary
    In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.18.10 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-07-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:38.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.10",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T10:40:43.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#",
              "64130"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
              "ID": "CVE-2022-30792",
              "STATE": "PUBLIC",
              "TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#",
                "64130"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-30792",
        "datePublished": "2022-07-11T10:40:43.935Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:31.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30791 (GCVE-0-2022-30791)

    Vulnerability from nvd – Published: 2022-07-11 10:40 – Updated: 2024-09-16 16:48
    VLAI
    Title
    CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
    Summary
    In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.18.10 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-07-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:38.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.10",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T10:40:38.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#",
              "64129"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
              "ID": "CVE-2022-30791",
              "STATE": "PUBLIC",
              "TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#",
                "64129"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-30791",
        "datePublished": "2022-07-11T10:40:38.913Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:31.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22519 (GCVE-0-2022-22519)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:22
    VLAI
    Title
    Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
    Summary
    A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:13.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22519",
              "STATE": "PUBLIC",
              "TITLE": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-126 Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22519",
        "datePublished": "2022-04-07T18:21:23.764Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:45.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22517 (GCVE-0-2022-22517)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-16 22:16
    VLAI
    Title
    Communication Components in multiple CODESYS products vulnerable to communication channel disruption
    Summary
    An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
    CWE
    • CWE-334 - Small Space of Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS OPC DA Server SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS PLCHandler Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS OPC DA Server SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-334",
                  "description": "CWE-334 Small Space of Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-07T18:21:19.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22517",
              "STATE": "PUBLIC",
              "TITLE": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS OPC DA Server SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCHandler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-334 Small Space of Random Values"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22517",
        "datePublished": "2022-04-07T18:21:20.091Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:16:04.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22515 (GCVE-0-2022-22515)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-16 17:59
    VLAI
    Title
    A component of the CODESYS Control runtime system allows read and write access to configuration files
    Summary
    A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T07:45:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A component of the CODESYS Control runtime system allows read and write access to configuration files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-06-01T10:00:00.000Z",
              "ID": "CVE-2022-22515",
              "STATE": "PUBLIC",
              "TITLE": "A component of the CODESYS Control runtime system allows read and write access to configuration files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22515",
        "datePublished": "2022-04-07T18:21:16.280Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:59:22.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22514 (GCVE-0-2022-22514)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:11.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22514",
              "STATE": "PUBLIC",
              "TITLE": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822: Untrusted Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22514",
        "datePublished": "2022-04-07T18:21:14.309Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:50.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22513 (GCVE-0-2022-22513)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-17 04:29
    VLAI
    Title
    Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:10.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22513",
              "STATE": "PUBLIC",
              "TITLE": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476 NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22513",
        "datePublished": "2022-04-07T18:21:12.792Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:14.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8175 (GCVE-0-2024-8175)

    Vulnerability from cvelistv5 – Published: 2024-09-25 08:04 – Updated: 2024-09-25 14:02
    VLAI
    Title
    CODESYS: web server vulnerable to DoS
    Summary
    An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control for BeagleBone SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (SL) Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 0 , < 3.5.20.30 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 0 , < 4.14.0.0 (semver)
    Create a notification for this product.
    codesys runtime_toolkit Affected: 0 , < 4.14.0.0 (custom)
        cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys control_rte_\(for_beckhoff_cx\)_sl Affected: 0 , < 3.5.20.30 (custom)
        cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys virtual_control_sl Affected: 0 , < 4.14.0.0 (custom)
        cpe:2.3:a:codesys:virtual_control_sl:*:*:*:*:*:*:*:*
    Create a notification for this product.
    codesys runtime_toolkit Affected: 0 , < 3.5.20.30 (custom)
        cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*
        cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    ABB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "runtime_toolkit",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "4.14.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "control_rte_\\(for_beckhoff_cx\\)_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:virtual_control_sl:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "virtual_control_sl",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "4.14.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*",
                  "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "runtime_toolkit",
                "vendor": "codesys",
                "versions": [
                  {
                    "lessThan": "3.5.20.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T13:44:03.391474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T14:02:28.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.20.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.14.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "ABB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can\u0026nbsp;causes the CODESYS web server to access invalid memory which results in a DoS."
                }
              ],
              "value": "An unauthenticated remote attacker can\u00a0causes the CODESYS web server to access invalid memory which results in a DoS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-25T13:33:10.408Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-057"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=18604\u0026token=d5e1e2820ee63077b875b3bb41014b1f102e88a3\u0026download="
            }
          ],
          "source": {
            "advisory": "VDE-2024-057",
            "defect": [
              "CERT@VDE#641681"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS: web server vulnerable to DoS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-8175",
        "datePublished": "2024-09-25T08:04:23.196Z",
        "dateReserved": "2024-08-26T09:58:34.794Z",
        "dateUpdated": "2024-09-25T14:02:28.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30792 (GCVE-0-2022-30792)

    Vulnerability from cvelistv5 – Published: 2022-07-11 10:40 – Updated: 2024-09-16 23:05
    VLAI
    Title
    CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
    Summary
    In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.18.10 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-07-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:38.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.10",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T10:40:43.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#",
              "64130"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
              "ID": "CVE-2022-30792",
              "STATE": "PUBLIC",
              "TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#",
                "64130"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-30792",
        "datePublished": "2022-07-11T10:40:43.935Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:31.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30791 (GCVE-0-2022-30791)

    Vulnerability from cvelistv5 – Published: 2022-07-11 10:40 – Updated: 2024-09-16 16:48
    VLAI
    Title
    CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
    Summary
    In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.18.10 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.18.20 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V3 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-07-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:38.611Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.10",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.20",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T10:40:38.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#",
              "64129"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
              "ID": "CVE-2022-30791",
              "STATE": "PUBLIC",
              "TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#",
                "64129"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-30791",
        "datePublished": "2022-07-11T10:40:38.913Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:31.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22519 (GCVE-0-2022-22519)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:22
    VLAI
    Title
    Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
    Summary
    A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:13.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22519",
              "STATE": "PUBLIC",
              "TITLE": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-126 Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22519",
        "datePublished": "2022-04-07T18:21:23.764Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:45.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22517 (GCVE-0-2022-22517)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-16 22:16
    VLAI
    Title
    Communication Components in multiple CODESYS products vulnerable to communication channel disruption
    Summary
    An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
    CWE
    • CWE-334 - Small Space of Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS OPC DA Server SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS PLCHandler Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS OPC DA Server SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-334",
                  "description": "CWE-334 Small Space of Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-07T18:21:19.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22517",
              "STATE": "PUBLIC",
              "TITLE": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS OPC DA Server SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCHandler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-334 Small Space of Random Values"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22517",
        "datePublished": "2022-04-07T18:21:20.091Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:16:04.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22515 (GCVE-0-2022-22515)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-16 17:59
    VLAI
    Title
    A component of the CODESYS Control runtime system allows read and write access to configuration files
    Summary
    A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T07:45:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A component of the CODESYS Control runtime system allows read and write access to configuration files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-06-01T10:00:00.000Z",
              "ID": "CVE-2022-22515",
              "STATE": "PUBLIC",
              "TITLE": "A component of the CODESYS Control runtime system allows read and write access to configuration files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22515",
        "datePublished": "2022-04-07T18:21:16.280Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:59:22.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22514 (GCVE-0-2022-22514)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:11.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22514",
              "STATE": "PUBLIC",
              "TITLE": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822: Untrusted Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22514",
        "datePublished": "2022-04-07T18:21:14.309Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:50.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22513 (GCVE-0-2022-22513)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 04:29
    VLAI
    Title
    Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:10.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22513",
              "STATE": "PUBLIC",
              "TITLE": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476 NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22513",
        "datePublished": "2022-04-07T18:21:12.792Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:14.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }