Search criteria
54 vulnerabilities found for gateway by codesys
VAR-202204-1264
Vulnerability from variot - Updated: 2025-10-04 22:44An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"cve": "CVE-2022-22513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2022-22513",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-411082",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22513",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22513",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22513",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-22513",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2623",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-411082",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-22513",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22513"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22513",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411082",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22513",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"id": "VAR-202204-1264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T22:44:28.756000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189579"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22513"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22513/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411082"
},
{
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411082"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"date": "2023-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"date": "2022-04-07T19:15:08.073000",
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411082"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22513"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2623"
},
{
"date": "2025-10-02T08:49:00",
"db": "JVNDB",
"id": "JVNDB-2022-007941"
},
{
"date": "2024-11-21T06:46:55.900000",
"db": "NVD",
"id": "CVE-2022-22513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2623"
}
],
"trust": 0.6
}
}
VAR-202204-0725
Vulnerability from variot - Updated: 2025-10-04 22:43An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0725",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"cve": "CVE-2022-22514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2022-22514",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-411083",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-22514",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22514",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22514",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22514",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2621",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411083",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22514",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an unreliable pointer dereference vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22514"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22514",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411083",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22514",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"id": "VAR-202204-0725",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T22:43:24.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189800"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-822",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "unreliable pointer dereference (CWE-822) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22514"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22514/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17093\u0026amp;token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/822.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411083"
},
{
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411083"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"date": "2022-04-07T19:15:08.133000",
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411083"
},
{
"date": "2022-05-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22514"
},
{
"date": "2022-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2621"
},
{
"date": "2025-10-02T08:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-008142"
},
{
"date": "2024-11-21T06:46:56.033000",
"db": "NVD",
"id": "CVE-2022-22514"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product Untrusted Pointer Dereference Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008142"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2621"
}
],
"trust": 0.6
}
}
VAR-201908-0056
Vulnerability from variot - Updated: 2025-10-04 21:55An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. There are security holes in several 3S-Smart Software Solutions products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart Software Solutions GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9012",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160447",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9012",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-9012",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9012",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9012",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160447",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nThere are security holes in several 3S-Smart Software Solutions products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "VULHUB",
"id": "VHN-160447"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9012",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-04",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160447",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"id": "VAR-201908-0056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T21:55:11.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95917"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12938\u0026token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9012"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2901/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12938\u0026amp;token=b9eb30f53246dc57b2e7cb302356a05547148fa2\u0026amp;download="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160447"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-160447"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"date": "2019-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"date": "2019-08-15T18:15:23.477000",
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-160447"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-156"
},
{
"date": "2025-10-02T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2019-008669"
},
{
"date": "2024-11-21T04:50:48.627000",
"db": "NVD",
"id": "CVE-2019-9012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a03S-Smart\u00a0CODESYS\u00a0 Product resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008669"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-156"
}
],
"trust": 0.6
}
}
VAR-201909-0084
Vulnerability from variot - Updated: 2025-10-04 21:19An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone version before 3.5.15.0, CODESYS Control for emPC-A / iMX6 version before 3.5.15.0, CODESYS Control for IOT2000 version before 3.5.15.0, CODESYS Control for Linux version before 3.5.15.0 , Before CODESYS Control for PFC100 3.5.15.0, before CODESYS Control for PFC200 3.5.15.0, before CODESYS Control for Raspberry Pi 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0 Version (for Beckhoff CX), CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 Version before 3.5.15.0, CODESYS HMI V3 version before 3.5.15.0, CODESYS V3 Simulation Runtime version before 3.5.15.0 (part of CODESYS Development System)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "linux",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control rte",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for iot2000",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for raspberry pi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.0"
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"cve": "CVE-2019-9009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9009",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160444",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9009",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-9009",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9009",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9009",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-659",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160444",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash. 3S-Smart CODESYS There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in 3S-Smart Software Solutions CODESYS Control. An attacker could exploit the vulnerability with a specially crafted request to cause a denial of service. The following products and versions are affected: CODESYS Control for BeagleBone version before 3.5.15.0, CODESYS Control for emPC-A / iMX6 version before 3.5.15.0, CODESYS Control for IOT2000 version before 3.5.15.0, CODESYS Control for Linux version before 3.5.15.0 , Before CODESYS Control for PFC100 3.5.15.0, before CODESYS Control for PFC200 3.5.15.0, before CODESYS Control for Raspberry Pi 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0, before CODESYS Control RTE V3 3.5.15.0 Version (for Beckhoff CX), CODESYS Control Win V3 before 3.5.15.0 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit before 3.5.15.0, CODESYS V3 Safety SIL2 before 3.5.15.0, CODESYS Gateway V3 Version before 3.5.15.0, CODESYS HMI V3 version before 3.5.15.0, CODESYS V3 Simulation Runtime version before 3.5.15.0 (part of CODESYS Development System)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "VULHUB",
"id": "VHN-160444"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9009",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-05",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3487",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-04",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-255-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160444",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"id": "VAR-201909-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T21:19:31.060000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "CODESYS V3 runtime systems Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98233"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-05"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12941\u0026token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9009"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-03"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3487/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12941\u0026amp;token=50fabe3870c7bdc41701eb1799dddeec103de40c\u0026amp;download="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-160444"
},
{
"date": "2019-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"date": "2019-09-17T16:15:11.077000",
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-160444"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-659"
},
{
"date": "2025-10-02T08:44:00",
"db": "JVNDB",
"id": "JVNDB-2019-009519"
},
{
"date": "2024-11-21T04:50:48.197000",
"db": "NVD",
"id": "CVE-2019-9009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart\u00a0CODESYS\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009519"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-659"
}
],
"trust": 0.6
}
}
VAR-201902-0731
Vulnerability from variot - Updated: 2025-10-04 21:15Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS The product contains an insufficient random value usage vulnerability.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development.
A number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data. The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "safety sil2",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "codesys simulation runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys safety sil2",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys remote target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys embedded target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys development system",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys plchandler sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control win",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control runtime system toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control rte",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control for raspberry pi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc200",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc100",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for iot2000",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for beaglebone",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Nochvay from Kaspersky Lab",
"sources": [
{
"db": "BID",
"id": "106251"
}
],
"trust": 0.3
},
"cve": "CVE-2018-20025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-130790",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20025",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20025",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20025",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-786",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-130790",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS The product contains an insufficient random value usage vulnerability.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. \n\nA number of 3S-Smart Software Solutions products have security vulnerabilities that result from programs using values with insufficient randomness. An attacker could use this vulnerability to affect the confidentiality and integrity of the data. The following products are affected: 3S-Smart CODESYS Control for BeagleBone; CODESYS Control for emPC-A / iMX6; CODESYS Control for IOT2000; CODESYS Control for Linux; CODESYS Control for PFC100; CODESYS Control for PFC200; CODESYS Control for Raspberry Pi; CODESYS Control RTE V3; CODESYS Control RTE V3 (for Beckhoff CX); CODESYS Control Win V3 (part of CODESYS Development System setup); CODESYS Control V3 Runtime System Toolkit; CODESYS V3 Embedded Target Visu Toolkit; CODESYS V3 Remote Target Visu Toolkit; CODESYS V3 Safety SIL2; CODESYS Gateway V3; CODESYS HMI V3; CODESYS OPC Server V3; CODESYS PLCHandler SDK; CODESYS V3 Development System; CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities:\n1. An insecure random number generator weakness\n3. A spoofing vulnerability\nAn attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "VULHUB",
"id": "VHN-130790"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20025",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-352-04",
"trust": 2.8
},
{
"db": "BID",
"id": "106251",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-130790",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"id": "VAR-201902-0731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T21:15:53.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87984"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-04"
},
{
"trust": 2.0,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106251"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20025"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.3,
"url": "https://www.codesys.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-130790"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-130790"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"date": "2019-02-19T21:29:00.243000",
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-130790"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-786"
},
{
"date": "2025-10-02T08:38:00",
"db": "JVNDB",
"id": "JVNDB-2018-014590"
},
{
"date": "2024-11-21T04:00:46.897000",
"db": "NVD",
"id": "CVE-2018-20025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0 Insufficient Random Value Usage Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014590"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-786"
}
],
"trust": 0.6
}
}
VAR-202105-1033
Vulnerability from variot - Updated: 2025-10-04 20:31CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages. (DoS) It may be in a state. 3s-smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions (3s-smart Software Solutions) company in Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for linux arm sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control rte",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control runtime system toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for plcnext sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux arm sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "remote target visu toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "plchandler",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control rte",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "simulation runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "plchandler",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "opc server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "opc server",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.0"
},
{
"model": "control win",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"cve": "CVE-2021-29242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-29242",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-388815",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-29242",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-29242",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29242",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-29242",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-388815",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-29242",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router\u0027s addressing scheme and may re-route, add, remove or change low level communication packages. (DoS) It may be in a state. 3s-smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions (3s-smart Software Solutions) company in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29242"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29242",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-388815",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-29242",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"id": "VAR-202105-1033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T20:31:16.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-01 CODESYS",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
},
{
"title": "3s-smart Software Solutions CODESYS Control Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150530"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://customers.codesys.com/index.php"
},
{
"trust": 1.8,
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14640\u0026token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29242"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=14640\u0026amp;token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388815"
},
{
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-388815"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"date": "2021-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"date": "2022-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"date": "2021-05-03T14:15:07.667000",
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-388815"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29242"
},
{
"date": "2021-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-050"
},
{
"date": "2025-10-02T08:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-006714"
},
{
"date": "2021-09-14T18:18:36.333000",
"db": "NVD",
"id": "CVE-2021-29242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0Control\u00a0Runtime\u00a0 Vulnerabilities related to input validation in systems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006714"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-050"
}
],
"trust": 0.6
}
}
VAR-201902-0732
Vulnerability from variot - Updated: 2025-10-04 20:15Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 There are unspecified vulnerabilities in the product.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development.
A security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities: 1. An insecure random number generator weakness 3. A spoofing vulnerability An attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0732",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "development system v3",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "opc server",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "plchandler",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil2",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "opc server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "development system v3",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "targetvisu sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "plchandler",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "targetvisu sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.0"
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "codesys simulation runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys safety sil2",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys remote target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys embedded target visu toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys development system",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys plchandler sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys opc server",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control win",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control runtime system toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "v30"
},
{
"model": "codesys control rte",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "3"
},
{
"model": "codesys control for raspberry pi",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc200",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for pfc100",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for iot2000",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for empc-a/imx6",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
},
{
"model": "codesys control for beaglebone",
"scope": "eq",
"trust": 0.3,
"vendor": "3s",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106251"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Nochvay from Kaspersky Lab",
"sources": [
{
"db": "BID",
"id": "106251"
}
],
"trust": 0.3
},
"cve": "CVE-2018-20026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20026",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-130791",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20026",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-20026",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20026",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20026",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-787",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-130791",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. CODESYS V3 There are unspecified vulnerabilities in the product.Information may be obtained. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company\u0027s programming software for industrial control system development. \n\nA security vulnerability exists in several 3S-Smart Software Solutions products, which stems from programs that do not properly restrict communication channels. An attacker could use this vulnerability to impersonate the source of a communication packet. The following products are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Development System, CODESYS V3 Simulation Runtime (part of CODESYS Development System). 3S-Smart Software CODESYS is prone to the following security vulnerabilities:\n1. An insecure random number generator weakness\n3. A spoofing vulnerability\nAn attacker can exploit these vulnerabilities to bypass security restrictions and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "VULHUB",
"id": "VHN-130791"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20026",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-352-04",
"trust": 2.8
},
{
"db": "BID",
"id": "106251",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-130791",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"id": "VAR-201902-0732",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-04T20:15:01.065000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87985"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-254",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106251"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20026"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-352-04"
},
{
"trust": 0.3,
"url": "https://www.codesys.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-130791"
},
{
"db": "BID",
"id": "106251"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-130791"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"date": "2019-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"date": "2019-02-19T21:29:00.290000",
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-130791"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106251"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-787"
},
{
"date": "2025-10-02T08:33:00",
"db": "JVNDB",
"id": "JVNDB-2018-014638"
},
{
"date": "2024-11-21T04:00:47.033000",
"db": "NVD",
"id": "CVE-2018-20026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0V3\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014638"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-787"
}
],
"trust": 0.6
}
}
VAR-202204-1265
Vulnerability from variot - Updated: 2025-10-03 22:30An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control win sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for wago touch panels 600 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for plcnext sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beckhoff cx9020",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.0"
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beckhoff cx9020",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"cve": "CVE-2022-22517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22517",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-411086",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-22517",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-22517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-22517",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411086",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-22517",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed. CODESYS Control for BeagleBone SL , control for beckhoff cx9020 , CODESYS Control for emPC-A/iMX6 SL etc. multiple CODESYS GmbH The product contains an insufficient random value usage vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22517"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22517",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411086",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22517",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"id": "VAR-202204-1265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-03T22:30:24.628000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Fixing measures for security feature vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189797"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-334",
"trust": 1.0
},
{
"problemtype": "Insufficient use of random values (CWE-330) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22517"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22517/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17091\u0026amp;token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411086"
},
{
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-411086"
},
{
"date": "2022-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"date": "2022-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"date": "2022-04-07T19:15:08.300000",
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-411086"
},
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22517"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2618"
},
{
"date": "2025-10-02T06:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-008139"
},
{
"date": "2024-11-21T06:46:56.430000",
"db": "NVD",
"id": "CVE-2022-22517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Insufficient Random Value Usage Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008139"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2618"
}
],
"trust": 0.6
}
}
VAR-201908-0055
Vulnerability from variot - Updated: 2025-10-03 22:13An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "3.5.14.20"
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3S-Smart Software Solutions GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9010",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-160445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9010",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9010",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9010",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-9010",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-161",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-160445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. \nA security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "VULHUB",
"id": "VHN-160445"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9010",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-04",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-160445",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"id": "VAR-201908-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-03T22:13:48.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.codesys.com/"
},
{
"title": "Multiple 3S-Smart Software Solutions Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95921"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-03"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12937\u0026token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9010"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2901/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12937\u0026amp;token=769045a17015bea00ec7ff313de8f1a5c73e7b93\u0026amp;download="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-160445"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-160445"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"date": "2019-09-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"date": "2019-08-15T18:15:23.397000",
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-160445"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-161"
},
{
"date": "2025-10-02T06:39:00",
"db": "JVNDB",
"id": "JVNDB-2019-008668"
},
{
"date": "2024-11-21T04:50:48.343000",
"db": "NVD",
"id": "CVE-2019-9010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a03S-Smart\u00a0CODESYS\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008668"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-161"
}
],
"trust": 0.6
}
}
VAR-202108-1804
Vulnerability from variot - Updated: 2025-10-03 22:00In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1804",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.17.10"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "3 that\u0027s all 3.5.17.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"cve": "CVE-2021-36764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-36764",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-398616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-36764",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-36764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36764",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-36764",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-406",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-398616",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-36764",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36764"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36764",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-398616",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-36764",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"id": "VAR-202108-1804",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-03T22:00:58.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-12",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
},
{
"title": "3S-Smart Software Solutions CODESYS GatewayService Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159689"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=16804\u0026token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36764"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=16804\u0026amp;token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-398616"
},
{
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-398616"
},
{
"date": "2021-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"date": "2022-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"date": "2021-08-04T14:15:08.507000",
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-398616"
},
{
"date": "2021-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36764"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-406"
},
{
"date": "2025-10-02T06:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-012042"
},
{
"date": "2021-08-11T00:09:32.477000",
"db": "NVD",
"id": "CVE-2021-36764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0Gateway\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012042"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-406"
}
],
"trust": 0.6
}
}
VAR-202105-1032
Vulnerability from variot - Updated: 2025-10-03 21:55CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 3s-smart Software Solutions 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products by German 3S-Smart Software Solutions (3s-smart Software Solutions)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "control runtime system toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "control for iot2000 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc200 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "development system",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for pfc100 sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.70"
},
{
"model": "control for beaglebone sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.1.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "control for linux sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for raspberry pi sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for empc-a\\/imx6 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.0.1.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.16.0"
},
{
"model": "control for beaglebone sl",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"cve": "CVE-2021-29241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-29241",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-388814",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-29241",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-29241",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29241",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-29241",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-051",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-388814",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-29241",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). 3s-smart Software Solutions 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products by German 3S-Smart Software Solutions (3s-smart Software Solutions)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29241"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29241",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-388814",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-29241",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"id": "VAR-202105-1032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
}
],
"trust": 0.01
},
"last_update_date": "2025-10-03T21:55:00.899000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02021-04 CODESYS",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"title": "3S-Smart Software Solutions CODESYS Gateway Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150531"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://customers.codesys.com/index.php"
},
{
"trust": 1.8,
"url": "https://www.codesys.com/security/security-reports.html"
},
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=14637\u0026token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29241"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=14637\u0026amp;token=8dbd75ae7553ae3be25e22f741db783b31e14799\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388814"
},
{
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-03T00:00:00",
"db": "VULHUB",
"id": "VHN-388814"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"date": "2021-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"date": "2022-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"date": "2021-05-03T14:15:07.633000",
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-388814"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29241"
},
{
"date": "2021-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-051"
},
{
"date": "2025-10-02T06:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-006713"
},
{
"date": "2022-04-01T15:26:04.663000",
"db": "NVD",
"id": "CVE-2021-29241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0Gateway\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006713"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-051"
}
],
"trust": 0.6
}
}
VAR-202001-1803
Vulnerability from variot - Updated: 2025-10-03 21:37CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control , Gateway , HMI Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. CoDeSys is a powerful PLC software programming tool.
CODESYS Control memory allocation is secure. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions in Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1803",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for raspberry pi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "simulation runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.9.40"
},
{
"model": "control for pfc100",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control runtime system toolkit",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "safety sil2",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.0"
},
{
"model": "control win",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.9.80"
},
{
"model": "hmi",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.10.0"
},
{
"model": "simulation runtime",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "safety sil2",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for iot2000",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for pfc200",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control rte",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.10"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control rte",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.8.60"
},
{
"model": "control for linux",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.15.30"
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control",
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "v3"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "v3"
},
{
"model": "hmi",
"scope": "eq",
"trust": 0.6,
"vendor": "codesys",
"version": "v3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "control rte",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for beaglebone",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for empc a imx6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for iot2000",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for linux",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for pfc100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for pfc200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for plcnext",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control for raspberry pi",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control runtime system toolkit",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "control win",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gateway",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hmi",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "safety sil2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simulation runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"cve": "CVE-2020-7052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-7052",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-13190",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-185177",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-7052",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-7052",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7052",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-7052",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-13190",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1104",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-185177",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. CODESYS Control , Gateway , HMI Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. CoDeSys is a powerful PLC software programming tool. \n\r\n\r\nCODESYS Control memory allocation is secure. Remote attackers can use this vulnerability to submit special requests to conduct denial-of-service attacks. 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software from 3S-Smart Software Solutions in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7052"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "VULHUB",
"id": "VHN-185177"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7052",
"trust": 4.1
},
{
"db": "TENABLE",
"id": "TRA-2020-04",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2020-13190",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-273-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90492166",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515",
"trust": 0.8
},
{
"db": "IVD",
"id": "A64EF9AA-2BB3-4067-B045-CC3D87B01A10",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-185177",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"id": "VAR-202001-1803",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
}
],
"trust": 1.23333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
}
]
},
"last_update_date": "2025-10-03T21:37:18.085000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory\u00a02020-01",
"trust": 0.8,
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"title": "Patch for CODESYS Control Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204645"
},
{
"title": "Multiple 3S-Smart Software Solutions Product resource management error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112808"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.tenable.com/security/research/tra-2020-04"
},
{
"trust": 1.6,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=12977\u0026token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026download="
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7052"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90492166/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=12977\u0026amp;token=33f948eed0c2fd69d238d9515779be337ef7592d\u0026amp;download="
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"db": "VULHUB",
"id": "VHN-185177"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-24T00:00:00",
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"date": "2020-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-185177"
},
{
"date": "2020-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"date": "2020-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"date": "2020-01-24T20:15:10.970000",
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13190"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-185177"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1104"
},
{
"date": "2025-10-02T07:53:00",
"db": "JVNDB",
"id": "JVNDB-2020-001515"
},
{
"date": "2024-11-21T05:36:34.220000",
"db": "NVD",
"id": "CVE-2020-7052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Control Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNVD",
"id": "CNVD-2020-13190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "a64ef9aa-2bb3-4067-b045-cc3d87b01a10"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1104"
}
],
"trust": 0.8
}
}
VAR-202206-2040
Vulnerability from variot - Updated: 2025-07-04 22:38In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. CODESYS GmbH of CODESYS Gateway Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "2.0 that\u0027s all 2.3.9.38"
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"cve": "CVE-2022-31803",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31803",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-423672",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31803",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-011709",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31803",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31803",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-31803",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2455",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-423672",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31803",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. CODESYS GmbH of CODESYS Gateway Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31803"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31803",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-25-182-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97192309",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423672",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31803",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"id": "VAR-202206-2040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
}
],
"trust": 0.01
},
"last_update_date": "2025-07-04T22:38:02.113000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197311"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97192309/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31803"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31803/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423672"
},
{
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423672"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"date": "2022-06-24T08:15:07.463000",
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423672"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31803"
},
{
"date": "2025-07-03T05:54:00",
"db": "JVNDB",
"id": "JVNDB-2022-011709"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2455"
},
{
"date": "2022-07-01T13:34:36.227000",
"db": "NVD",
"id": "CVE-2022-31803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0GmbH\u00a0 of \u00a0CODESYS\u00a0Gateway\u00a0 Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011709"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2455"
}
],
"trust": 0.6
}
}
VAR-202206-1829
Vulnerability from variot - Updated: 2025-07-04 20:58The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. CODESYS GmbH of CODESYS Gateway contains a memory allocation vulnerability with excessive size values.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1829",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "2.0 that\u0027s all 2.3.9.38"
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"cve": "CVE-2022-31804",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31804",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-423673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31804",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-011708",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31804",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31804",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31804",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31804",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. CODESYS GmbH of CODESYS Gateway contains a memory allocation vulnerability with excessive size values.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31804",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU97192309",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-182-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31804",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"id": "VAR-202206-1829",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
}
],
"trust": 0.01
},
"last_update_date": "2025-07-04T20:58:25.792000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197309"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-789",
"trust": 1.1
},
{
"problemtype": "Memory allocation with excessive size value (CWE-789) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97192309/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31804"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31804/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/789.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423673"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"date": "2022-06-24T08:15:07.527000",
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423673"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"date": "2025-07-03T05:55:00",
"db": "JVNDB",
"id": "JVNDB-2022-011708"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2453"
},
{
"date": "2022-07-01T13:35:00.340000",
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0GmbH\u00a0 of \u00a0CODESYS\u00a0Gateway\u00a0 Excessive Size Value Memory Allocation Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011708"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
}
}
VAR-202206-1921
Vulnerability from variot - Updated: 2025-07-04 20:24In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. CODESYS GmbH of CODESYS Gateway contains a partial string comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": "2.0 that\u0027s all 2.3.9.38"
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"cve": "CVE-2022-31802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31802",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-423671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31802",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-011710",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31802",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31802",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-31802",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2457",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-423671",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-31802",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password. CODESYS GmbH of CODESYS Gateway contains a partial string comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31802"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31802",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU97192309",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-182-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423671",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31802",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"id": "VAR-202206-1921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
}
],
"trust": 0.01
},
"last_update_date": "2025-07-04T20:24:21.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197313"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-187",
"trust": 1.1
},
{
"problemtype": "Comparing partial strings (CWE-187) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97192309/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31802"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31802/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/187.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423671"
},
{
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423671"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"date": "2022-06-24T08:15:07.393000",
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423671"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31802"
},
{
"date": "2025-07-03T05:53:00",
"db": "JVNDB",
"id": "JVNDB-2022-011710"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2457"
},
{
"date": "2022-07-01T13:34:15.277000",
"db": "NVD",
"id": "CVE-2022-31802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS\u00a0GmbH\u00a0 of \u00a0CODESYS\u00a0Gateway\u00a0 Partial String Comparison Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2457"
}
],
"trust": 0.6
}
}
VAR-202206-1953
Vulnerability from variot - Updated: 2024-09-17 23:19In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1953",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.69"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
},
{
"model": "plchandler",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "opc server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "plcwinnt",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.57"
},
{
"model": "web server",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "1.1.9.23"
},
{
"model": "hmi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.30"
},
{
"model": "sp realtime nt",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.7.30"
},
{
"model": "runtime toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.4.7.57"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"cve": "CVE-2022-31805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-31805",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423674",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31805",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2454",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423674",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31805"
},
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31805",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423674",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31805",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"id": "VAR-202206-1953",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-17T23:19:11.279000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Development System Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199005"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ic3sw0rd/Codesys_V2_Vulnerability "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-523",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31805/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17140\u0026amp;token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/523.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ic3sw0rd/codesys_v2_vulnerability"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423674"
},
{
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423674"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"date": "2022-06-24T08:15:07.590000",
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-423674"
},
{
"date": "2022-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31805"
},
{
"date": "2022-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2454"
},
{
"date": "2024-09-16T19:16:03.700000",
"db": "NVD",
"id": "CVE-2022-31805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Development System Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2454"
}
],
"trust": 0.6
}
}
VAR-202207-0363
Vulnerability from variot - Updated: 2024-08-14 15:00In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "control for wago touch panels 600",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "remote target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"cve": "CVE-2022-30792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-30792",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-422576",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-30792",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-012664",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-30792",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-30792",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-30792",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-791",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422576",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-30792",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30792",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422576",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30792",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"id": "VAR-202207-0363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:00:54.926000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200895"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30792"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30792/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17128\u0026amp;token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422576"
},
{
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-422576"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"date": "2023-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"date": "2022-07-11T11:15:08.240000",
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-422576"
},
{
"date": "2022-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30792"
},
{
"date": "2023-08-31T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2022-012664"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-791"
},
{
"date": "2022-09-23T16:25:41.847000",
"db": "NVD",
"id": "CVE-2022-30792"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012664"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-791"
}
],
"trust": 0.6
}
}
VAR-202207-0490
Vulnerability from variot - Updated: 2024-08-14 13:22In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "control for empc-a\\/imx6",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for iot2000 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "control for wago touch panels 600",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc200 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for beaglebone",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control rte sl \\",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for linux sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "remote target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for raspberry pi sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "development system",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control rte sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "control for pfc100 sl",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.5.0.0"
},
{
"model": "embedded target visu toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control runtime system toolkit",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for plcnext",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "4.6.0.0"
},
{
"model": "hmi",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control win",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "3.5.18.20"
},
{
"model": "control for iot2000 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "embedded target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for beaglebone",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for linux sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc100 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control win",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte v3",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control rte sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for wago touch panels 600",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for empc-a/imx6",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "edge gateway",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "remote target visu toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control runtime system toolkit",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "hmi",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for plcnext",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "development system",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for pfc200 sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
},
{
"model": "control for raspberry pi sl",
"scope": null,
"trust": 0.8,
"vendor": "codesys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"cve": "CVE-2022-30791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-30791",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-422575",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-30791",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-012665",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-30791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-30791",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-30791",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-787",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422575",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-30791",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30791",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422575",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30791",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"id": "VAR-202207-0490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:22:03.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200893"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30791"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30791/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17128\u0026amp;token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422575"
},
{
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-422575"
},
{
"date": "2022-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"date": "2023-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"date": "2022-07-11T11:15:08.177000",
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-422575"
},
{
"date": "2022-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30791"
},
{
"date": "2023-08-31T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-012665"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-787"
},
{
"date": "2022-09-23T16:26:08.200000",
"db": "NVD",
"id": "CVE-2022-30791"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product resource exhaustion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-787"
}
],
"trust": 0.6
}
}
CVE-2022-30792 (GCVE-0-2022-30792)
Vulnerability from nvd – Published: 2022-07-11 10:40 – Updated: 2024-09-16 23:05
VLAI?
Title
CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30791 (GCVE-0-2022-30791)
Vulnerability from nvd – Published: 2022-07-11 10:40 – Updated: 2024-09-16 16:48
VLAI?
Title
CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31805 (GCVE-0-2022-31805)
Vulnerability from nvd – Published: 2022-06-24 07:46 – Updated: 2024-09-16 18:55
VLAI?
Title
Insecure transmission of credentials
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Severity ?
7.5 (High)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CODESYS | CODESYS Development System |
Affected:
V2 , < V2.3.9.69
(custom)
Affected: V3 , < V3.5.18.30 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.69",
"status": "affected",
"version": "V2",
"versionType": "custom"
},
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Client",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Web server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V1.1.9.23",
"status": "affected",
"version": "V1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS SP Realtime NT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.7.30",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
}
],
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T12:54:39.506Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
},
"title": "Insecure transmission of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
"ID": "CVE-2022-31805",
"STATE": "PUBLIC",
"TITLE": "Insecure transmission of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Development System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.69"
},
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Gateway Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Web server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V1",
"version_value": "V1.1.9.23"
}
]
}
},
{
"product_name": "CODESYS SP Realtime NT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.7.30"
}
]
}
},
{
"product_name": "CODESYS PLCWinNT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Runtime Toolkit 32 bit full",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523 Unprotected Transport of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31805",
"datePublished": "2022-06-24T07:46:15.076016Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T18:55:26.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31804 (GCVE-0-2022-31804)
Vulnerability from nvd – Published: 2022-06-24 07:46 – Updated: 2024-09-16 20:16
VLAI?
Title
CODESYS Gateway server prone to denial of service attack due to excessive memory allocation
Summary
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Severity ?
7.5 (High)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
unspecified , < V2.3.9.38
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:12",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T08:02:00.000Z",
"ID": "CVE-2022-31804",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31804",
"datePublished": "2022-06-24T07:46:13.080219Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T20:16:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31803 (GCVE-0-2022-31803)
Vulnerability from nvd – Published: 2022-06-24 07:46 – Updated: 2024-09-16 20:01
VLAI?
Title
CODESYS Gateway Server V2 prone to Denial of Service Attack
Summary
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
V2 , < V2.3.9.38
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:11",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway Server V2 prone to Denial of Service Attack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T07:54:00.000Z",
"ID": "CVE-2022-31803",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway Server V2 prone to Denial of Service Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31803",
"datePublished": "2022-06-24T07:46:11.188713Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T20:01:21.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31802 (GCVE-0-2022-31802)
Vulnerability from nvd – Published: 2022-06-24 07:46 – Updated: 2024-09-17 00:32
VLAI?
Title
Partial string comparison in CODESYS gateway server
Summary
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
Severity ?
9.8 (Critical)
CWE
- CWE-187 - Partial String Comparison
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
V2 , < V2.3.9.38
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial String Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Partial string comparison in CODESYS gateway server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T07:38:00.000Z",
"ID": "CVE-2022-31802",
"STATE": "PUBLIC",
"TITLE": "Partial string comparison in CODESYS gateway server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-187 Partial String Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31802",
"datePublished": "2022-06-24T07:46:09.625943Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-17T00:32:18.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30792 (GCVE-0-2022-30792)
Vulnerability from cvelistv5 – Published: 2022-07-11 10:40 – Updated: 2024-09-16 23:05
VLAI?
Title
CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels
Summary
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:43",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30792",
"STATE": "PUBLIC",
"TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64130"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30792",
"datePublished": "2022-07-11T10:40:43.935648Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:31.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30791 (GCVE-0-2022-30791)
Vulnerability from cvelistv5 – Published: 2022-07-11 10:40 – Updated: 2024-09-16 16:48
VLAI?
Title
CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
Summary
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
V3 , < V3.5.18.20
(custom)
|
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.10",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Embedded Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Remote Target Visu Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.20",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Beckhoff CX9020 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"product": "CODESYS Edge Gateway for Linux",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.5.0.0",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T10:40:38",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
},
"title": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-07-08T06:00:00.000Z",
"ID": "CVE-2022-30791",
"STATE": "PUBLIC",
"TITLE": "CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Control RTE (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control Win (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Development System V3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.10"
}
]
}
},
{
"product_name": "CODESYS Control Runtime System Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Embedded Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Remote Target Visu Toolkit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Control for BeagleBone SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Beckhoff CX9020 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for emPC-A/iMX6 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for IOT2000 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Linux SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC100 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PFC200 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for PLCnext SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for Raspberry Pi SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V4.5.0.0"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64129"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30791",
"datePublished": "2022-07-11T10:40:38.913416Z",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:31.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31805 (GCVE-0-2022-31805)
Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 18:55
VLAI?
Title
Insecure transmission of credentials
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Severity ?
7.5 (High)
CWE
- CWE-523 - Unprotected Transport of Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CODESYS | CODESYS Development System |
Affected:
V2 , < V2.3.9.69
(custom)
Affected: V3 , < V3.5.18.30 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.69",
"status": "affected",
"version": "V2",
"versionType": "custom"
},
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Client",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway Server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Web server",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V1.1.9.23",
"status": "affected",
"version": "V1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS SP Realtime NT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.7.30",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCWinNT",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit 32 bit full",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.4.7.57",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Edge Gateway for Windows",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS OPC DA Server SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS PLCHandler",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Gateway",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.18.30",
"status": "affected",
"version": "V3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
}
],
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-523",
"description": "CWE-523 Unprotected Transport of Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T12:54:39.506Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
],
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
},
"title": "Insecure transmission of credentials",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
"ID": "CVE-2022-31805",
"STATE": "PUBLIC",
"TITLE": "Insecure transmission of credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Development System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.69"
},
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Gateway Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
},
{
"product_name": "CODESYS Web server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V1",
"version_value": "V1.1.9.23"
}
]
}
},
{
"product_name": "CODESYS SP Realtime NT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.7.30"
}
]
}
},
{
"product_name": "CODESYS PLCWinNT",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Runtime Toolkit 32 bit full",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.4.7.57"
}
]
}
},
{
"product_name": "CODESYS Edge Gateway for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS HMI (SL)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS OPC DA Server SL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS PLCHandler",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
},
{
"product_name": "CODESYS Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V3",
"version_value": "V3.5.18.20"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-523 Unprotected Transport of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
}
]
},
"source": {
"defect": [
"CERT@VDE#",
"64140"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31805",
"datePublished": "2022-06-24T07:46:15.076016Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T18:55:26.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31804 (GCVE-0-2022-31804)
Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 20:16
VLAI?
Title
CODESYS Gateway server prone to denial of service attack due to excessive memory allocation
Summary
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Severity ?
7.5 (High)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
unspecified , < V2.3.9.38
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:12",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T08:02:00.000Z",
"ID": "CVE-2022-31804",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31804",
"datePublished": "2022-06-24T07:46:13.080219Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T20:16:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31803 (GCVE-0-2022-31803)
Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 20:01
VLAI?
Title
CODESYS Gateway Server V2 prone to Denial of Service Attack
Summary
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
V2 , < V2.3.9.38
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:11",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway Server V2 prone to Denial of Service Attack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T07:54:00.000Z",
"ID": "CVE-2022-31803",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway Server V2 prone to Denial of Service Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31803",
"datePublished": "2022-06-24T07:46:11.188713Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-16T20:01:21.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31802 (GCVE-0-2022-31802)
Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-17 00:32
VLAI?
Title
Partial string comparison in CODESYS gateway server
Summary
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
Severity ?
9.8 (Critical)
CWE
- CWE-187 - Partial String Comparison
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
V2 , < V2.3.9.38
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "V2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187 Partial String Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Partial string comparison in CODESYS gateway server",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T07:38:00.000Z",
"ID": "CVE-2022-31802",
"STATE": "PUBLIC",
"TITLE": "Partial string comparison in CODESYS gateway server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "V2",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-187 Partial String Comparison"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31802",
"datePublished": "2022-06-24T07:46:09.625943Z",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-09-17T00:32:18.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}