Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for hmi_sl by codesys

    CVE-2025-41738 (GCVE-0-2025-41738)

    Vulnerability from nvd – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
    VLAI
    Title
    CODESYS Control - Invalid type usage in visualization
    Summary
    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:59:44.375519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T14:00:28.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:33.407Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-100"
            }
          ],
          "source": {
            "advisory": "VDE-2025-100",
            "defect": [
              "CERT@VDE#641889"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Invalid type usage in visualization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41738",
        "datePublished": "2025-12-01T10:02:33.407Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2025-12-01T14:00:28.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4046 (GCVE-0-2022-4046)

    Vulnerability from nvd – Published: 2023-08-03 12:39 – Updated: 2026-05-29 14:06
    VLAI
    Title
    CODESYS: Improper memory restrictions fro CODESYS Control
    Summary
    In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Date Public
    2023-08-03 10:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-025/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:06:27.478239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:06:35.326Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2023-08-03T10:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."
                }
              ],
              "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T12:39:44.002Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-025/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64299"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "CODESYS: Improper memory restrictions fro CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4046",
        "datePublished": "2023-08-03T12:39:44.002Z",
        "dateReserved": "2022-11-17T07:07:09.714Z",
        "dateUpdated": "2026-05-29T14:06:35.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4224 (GCVE-0-2022-4224)

    Vulnerability from nvd – Published: 2023-03-23 11:15 – Updated: 2026-05-29 14:08
    VLAI
    Title
    CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
    Summary
    In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Control Win (SL) Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Runtime Toolkit Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Safety SIL2 Runtime Toolkit Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Safety SIL2 PSP Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS HMI (SL) Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Development System V3 Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Control for BeagleBone SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for emPC-A/iMX6 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for IOT2000 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for Linux SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for PFC100 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for PFC200 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for PLCnext SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for Raspberry Pi SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    Credits
    Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity Reid Wightman of Dragos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:34:49.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:07:26.160566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:08:13.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL) ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Runtime Toolkit ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Safety SIL2 Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Safety SIL2 PSP",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL) ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Control for BeagleBone SL ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Reid Wightman of Dragos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
                }
              ],
              "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T10:47:13.144Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64318"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "CODESYS:  Exposure of Resource to Wrong Sphere in CODESYS V3",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4224",
        "datePublished": "2023-03-23T11:15:37.014Z",
        "dateReserved": "2022-11-30T06:54:13.183Z",
        "dateUpdated": "2026-05-29T14:08:13.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-31805 (GCVE-0-2022-31805)

    Vulnerability from nvd – Published: 2022-06-24 07:46 – Updated: 2024-09-16 18:55
    VLAI
    Title
    Insecure transmission of credentials
    Summary
    In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
    CWE
    • CWE-523 - Unprotected Transport of Credentials
    Assigner
    References
    Date Public
    2022-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.9.69",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway Client",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.9.38",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway Server",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.9.38",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Web server",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V1.1.9.23",
                  "status": "affected",
                  "version": "V1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS SP Realtime NT",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.7.30",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCWinNT",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.4.7.57",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit 32 bit full",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.4.7.57",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS OPC DA Server SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
                }
              ],
              "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-523",
                  "description": "CWE-523 Unprotected Transport of Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T12:54:39.506Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#",
              "64140"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Insecure transmission of credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
              "ID": "CVE-2022-31805",
              "STATE": "PUBLIC",
              "TITLE": "Insecure transmission of credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Development System",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.9.69"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway Client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.9.38"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.9.38"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Web server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V1",
                                "version_value": "V1.1.9.23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS SP Realtime NT",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.7.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCWinNT",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.4.7.57"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Runtime Toolkit 32 bit full",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.4.7.57"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS OPC DA Server SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCHandler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-523 Unprotected Transport of Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#",
                "64140"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-31805",
        "datePublished": "2022-06-24T07:46:15.076Z",
        "dateReserved": "2022-05-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:55:26.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22519 (GCVE-0-2022-22519)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:22
    VLAI
    Title
    Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
    Summary
    A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:13.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22519",
              "STATE": "PUBLIC",
              "TITLE": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-126 Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22519",
        "datePublished": "2022-04-07T18:21:23.764Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:45.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22517 (GCVE-0-2022-22517)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-16 22:16
    VLAI
    Title
    Communication Components in multiple CODESYS products vulnerable to communication channel disruption
    Summary
    An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
    CWE
    • CWE-334 - Small Space of Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS OPC DA Server SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS PLCHandler Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS OPC DA Server SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-334",
                  "description": "CWE-334 Small Space of Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-07T18:21:19.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22517",
              "STATE": "PUBLIC",
              "TITLE": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS OPC DA Server SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCHandler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-334 Small Space of Random Values"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22517",
        "datePublished": "2022-04-07T18:21:20.091Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:16:04.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22515 (GCVE-0-2022-22515)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-16 17:59
    VLAI
    Title
    A component of the CODESYS Control runtime system allows read and write access to configuration files
    Summary
    A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T07:45:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A component of the CODESYS Control runtime system allows read and write access to configuration files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-06-01T10:00:00.000Z",
              "ID": "CVE-2022-22515",
              "STATE": "PUBLIC",
              "TITLE": "A component of the CODESYS Control runtime system allows read and write access to configuration files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22515",
        "datePublished": "2022-04-07T18:21:16.280Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:59:22.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22514 (GCVE-0-2022-22514)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:11.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22514",
              "STATE": "PUBLIC",
              "TITLE": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822: Untrusted Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22514",
        "datePublished": "2022-04-07T18:21:14.309Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:50.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22513 (GCVE-0-2022-22513)

    Vulnerability from nvd – Published: 2022-04-07 18:21 – Updated: 2024-09-17 04:29
    VLAI
    Title
    Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:10.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22513",
              "STATE": "PUBLIC",
              "TITLE": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476 NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22513",
        "datePublished": "2022-04-07T18:21:12.792Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:14.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9013 (GCVE-0-2019-9013)

    Vulnerability from nvd – Published: 2019-08-15 16:08 – Updated: 2024-08-04 21:31
    VLAI
    Summary
    An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T11:39:08.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9013",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
                },
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9013",
        "datePublished": "2019-08-15T16:08:31.000Z",
        "dateReserved": "2019-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:31:37.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20026 (GCVE-0-2018-20026)

    Vulnerability from nvd – Published: 2019-02-19 21:00 – Updated: 2024-09-16 20:37
    VLAI
    Summary
    Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
    Severity
    No CVSS data available.
    CWE
    • Improper Communication Address Filtering
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky Lab CODESYS V3 products Affected: prior V3.5.14.0
    Create a notification for this product.
    Date Public
    2018-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:51:18.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106251",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106251"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS V3 products",
              "vendor": "Kaspersky Lab",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior V3.5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Communication Address Filtering",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-02T14:43:36.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "106251",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106251"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "DATE_PUBLIC": "2018-12-19T00:00:00",
              "ID": "CVE-2018-20026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS V3 products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior V3.5.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky Lab"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Communication Address Filtering"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106251",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106251"
                },
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2018-20026",
        "datePublished": "2019-02-19T21:00:00.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:37:39.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20025 (GCVE-0-2018-20025)

    Vulnerability from nvd – Published: 2019-02-19 21:00 – Updated: 2024-09-16 18:39
    VLAI
    Summary
    Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
    Severity
    No CVSS data available.
    CWE
    • Use of Insufficiently Random Values
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky Lab CODESYS V3 products Affected: prior V3.5.14.0
    Create a notification for this product.
    Date Public
    2018-12-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:51:18.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106251",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106251"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS V3 products",
              "vendor": "Kaspersky Lab",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior V3.5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-02T14:40:07.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "106251",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106251"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "DATE_PUBLIC": "2018-12-10T00:00:00",
              "ID": "CVE-2018-20025",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS V3 products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior V3.5.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky Lab"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Insufficiently Random Values"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106251",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106251"
                },
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2018-20025",
        "datePublished": "2019-02-19T21:00:00.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:39:11.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10612 (GCVE-0-2018-10612)

    Vulnerability from nvd – Published: 2019-01-29 16:00 – Updated: 2024-09-17 02:32
    VLAI
    Summary
    In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROL CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    3S-Smart 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0 Affected: 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0
    Create a notification for this product.
    Date Public
    2018-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
              "vendor": "3S-Smart",
              "versions": [
                {
                  "status": "affected",
                  "version": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROL CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-30T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "106248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-12-18T00:00:00",
              "ID": "CVE-2018-10612",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "3S-Smart"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROL CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106248"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10612",
        "datePublished": "2019-01-29T16:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:32:49.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41738 (GCVE-0-2025-41738)

    Vulnerability from cvelistv5 – Published: 2025-12-01 10:02 – Updated: 2025-12-01 14:00
    VLAI
    Title
    CODESYS Control - Invalid type usage in visualization
    Summary
    An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Runtime Toolkit Affected: 3.5.18.0 , < 3.5.21.40 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux ARM SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    CODESYS CODESYS Virtual Control SL Affected: 4.5.0.0 , < 4.19.0.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-01T13:59:44.375519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T14:00:28.509Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Remote Target Visu",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.21.40",
                  "status": "affected",
                  "version": "3.5.18.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux ARM SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Virtual Control SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.19.0.0",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-01T10:02:33.407Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-100"
            }
          ],
          "source": {
            "advisory": "VDE-2025-100",
            "defect": [
              "CERT@VDE#641889"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "CODESYS Control - Invalid type usage in visualization",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41738",
        "datePublished": "2025-12-01T10:02:33.407Z",
        "dateReserved": "2025-04-16T11:17:48.320Z",
        "dateUpdated": "2025-12-01T14:00:28.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4046 (GCVE-0-2022-4046)

    Vulnerability from cvelistv5 – Published: 2023-08-03 12:39 – Updated: 2026-05-29 14:06
    VLAI
    Title
    CODESYS: Improper memory restrictions fro CODESYS Control
    Summary
    In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Date Public
    2023-08-03 10:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:27:54.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-025/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:06:27.478239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:06:35.326Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2023-08-03T10:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."
                }
              ],
              "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-03T12:39:44.002Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-025/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64299"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "CODESYS: Improper memory restrictions fro CODESYS Control",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4046",
        "datePublished": "2023-08-03T12:39:44.002Z",
        "dateReserved": "2022-11-17T07:07:09.714Z",
        "dateUpdated": "2026-05-29T14:06:35.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-4224 (GCVE-0-2022-4224)

    Vulnerability from cvelistv5 – Published: 2023-03-23 11:15 – Updated: 2026-05-29 14:08
    VLAI
    Title
    CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
    Summary
    In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - Insecure Default Initialization of Resource
    Assigner
    Impacted products
    Vendor Product Version
    CODESYS Control RTE (SL) Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Control RTE (for Beckhoff CX) SL Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Control Win (SL) Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Runtime Toolkit Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Safety SIL2 Runtime Toolkit Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Safety SIL2 PSP Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS HMI (SL) Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Development System V3 Affected: 3.0.0.0 , < 3.5.19.0 (custom)
    Create a notification for this product.
    CODESYS Control for BeagleBone SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for emPC-A/iMX6 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for IOT2000 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for Linux SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for PFC100 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for PFC200 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for PLCnext SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for Raspberry Pi SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    CODESYS Control for WAGO Touch Panels 600 SL Affected: 3.0.0.0 , < 4.8.0.0 (custom)
    Create a notification for this product.
    Credits
    Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity Reid Wightman of Dragos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:34:49.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4224",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:07:26.160566Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:08:13.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (SL) ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Runtime Toolkit ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Safety SIL2 Runtime Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Safety SIL2 PSP",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HMI (SL) ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "3.5.19.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Control for BeagleBone SL ",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": " Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "4.8.0.0",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Reid Wightman of Dragos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
                }
              ],
              "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "CWE-1188 Insecure Default Initialization of Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T10:47:13.144Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64318"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "CODESYS:  Exposure of Resource to Wrong Sphere in CODESYS V3",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-4224",
        "datePublished": "2023-03-23T11:15:37.014Z",
        "dateReserved": "2022-11-30T06:54:13.183Z",
        "dateUpdated": "2026-05-29T14:08:13.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-31805 (GCVE-0-2022-31805)

    Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 18:55
    VLAI
    Title
    Insecure transmission of credentials
    Summary
    In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
    CWE
    • CWE-523 - Unprotected Transport of Credentials
    Assigner
    References
    Date Public
    2022-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Development System",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.9.69",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway Client",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.9.38",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway Server",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.9.38",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Web server",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V1.1.9.23",
                  "status": "affected",
                  "version": "V1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS SP Realtime NT",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.3.7.30",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCWinNT",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.4.7.57",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Runtime Toolkit 32 bit full",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V2.4.7.57",
                  "status": "affected",
                  "version": "V2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS OPC DA Server SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.30",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\u003c/p\u003e"
                }
              ],
              "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-523",
                  "description": "CWE-523 Unprotected Transport of Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T12:54:39.506Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#",
              "64140"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Insecure transmission of credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-06-23T10:00:00.000Z",
              "ID": "CVE-2022-31805",
              "STATE": "PUBLIC",
              "TITLE": "Insecure transmission of credentials"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Development System",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.9.69"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway Client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.9.38"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.9.38"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Web server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V1",
                                "version_value": "V1.1.9.23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS SP Realtime NT",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.3.7.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCWinNT",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.4.7.57"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Runtime Toolkit 32 bit full",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V2",
                                "version_value": "V2.4.7.57"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS OPC DA Server SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCHandler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.18.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-523 Unprotected Transport of Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
                }
              ]
            },
            "source": {
              "defect": [
                "CERT@VDE#",
                "64140"
              ],
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-31805",
        "datePublished": "2022-06-24T07:46:15.076Z",
        "dateReserved": "2022-05-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:55:26.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22519 (GCVE-0-2022-22519)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:22
    VLAI
    Title
    Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
    Summary
    A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-126",
                  "description": "CWE-126 Buffer Over-read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:13.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22519",
              "STATE": "PUBLIC",
              "TITLE": "Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-126 Buffer Over-read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17094\u0026token=2fb188e2213c74194e81ba61ff99f1c68602ba4d\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22519",
        "datePublished": "2022-04-07T18:21:23.764Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:45.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22517 (GCVE-0-2022-22517)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-16 22:16
    VLAI
    Title
    Communication Components in multiple CODESYS products vulnerable to communication channel disruption
    Summary
    An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
    CWE
    • CWE-334 - Small Space of Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS OPC DA Server SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS PLCHandler Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS OPC DA Server SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS PLCHandler",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-334",
                  "description": "CWE-334 Small Space of Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-07T18:21:19.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22517",
              "STATE": "PUBLIC",
              "TITLE": "Communication Components in multiple CODESYS products vulnerable to communication channel disruption"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS OPC DA Server SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS PLCHandler",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-334 Small Space of Random Values"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17091\u0026token=c450f8bbbd838c647d102f359356386c6ea5aeca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22517",
        "datePublished": "2022-04-07T18:21:20.091Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:16:04.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22515 (GCVE-0-2022-22515)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-16 17:59
    VLAI
    Title
    A component of the CODESYS Control runtime system allows read and write access to configuration files
    Summary
    A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3 , < V3.5.17.40 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.17.40",
                  "status": "affected",
                  "version": "V3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T07:45:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A component of the CODESYS Control runtime system allows read and write access to configuration files",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-06-01T10:00:00.000Z",
              "ID": "CVE-2022-22515",
              "STATE": "PUBLIC",
              "TITLE": "A component of the CODESYS Control runtime system allows read and write access to configuration files"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3",
                                "version_value": "V3.5.17.40"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17089\u0026token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22515",
        "datePublished": "2022-04-07T18:21:16.280Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:59:22.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22514 (GCVE-0-2022-22514)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
    CWE
    • CWE-822 - Untrusted Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "CWE-822: Untrusted Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:11.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22514",
              "STATE": "PUBLIC",
              "TITLE": "Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-822: Untrusted Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22514",
        "datePublished": "2022-04-07T18:21:14.309Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:50.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22513 (GCVE-0-2022-22513)

    Vulnerability from cvelistv5 – Published: 2022-04-07 18:21 – Updated: 2024-09-17 04:29
    VLAI
    Title
    Null Pointer Dereference in multiple CODESYS products can lead to a DoS.
    Summary
    An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    CODESYS CODESYS Control RTE (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control RTE (for Beckhoff CX) SL Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Win (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Gateway Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Windows Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS HMI (SL) Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Development System V3 Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control Runtime System Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Embedded Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Remote Target Visu Toolkit Affected: V3.5.18.0 , < V3.5.18.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for BeagleBone SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Beckhoff CX9020 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for emPC-A/iMX6 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for IOT2000 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Linux SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC100 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PFC200 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for PLCnext SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for Raspberry Pi SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Control for WAGO Touch Panels 600 SL Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    CODESYS CODESYS Edge Gateway for Linux Affected: V4.5.0.0 , < V4.5.0.0 (custom)
    Create a notification for this product.
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS Control RTE (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control RTE (for Beckhoff CX) SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Win (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Gateway",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Windows",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS HMI (SL)",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Development System V3",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control Runtime System Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Embedded Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Remote Target Visu Toolkit",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V3.5.18.0",
                  "status": "affected",
                  "version": "V3.5.18.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for BeagleBone SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Beckhoff CX9020 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for emPC-A/iMX6 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for IOT2000 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Linux SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC100 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PFC200 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for PLCnext SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for Raspberry Pi SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Control for WAGO Touch Panels 600 SL",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "CODESYS Edge Gateway for Linux",
              "vendor": "CODESYS",
              "versions": [
                {
                  "lessThan": "V4.5.0.0",
                  "status": "affected",
                  "version": "V4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-27T05:55:10.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-04-06T10:00:00.000Z",
              "ID": "CVE-2022-22513",
              "STATE": "PUBLIC",
              "TITLE": "Null Pointer Dereference in multiple CODESYS products can lead to a DoS."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS Control RTE (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Win (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS HMI (SL)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Development System V3",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control Runtime System Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Embedded Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Remote Target Visu Toolkit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V3.5.18.0",
                                "version_value": "V3.5.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for BeagleBone SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Beckhoff CX9020 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for IOT2000 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Linux SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC100 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PFC200 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for PLCnext SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for Raspberry Pi SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "CODESYS Edge Gateway for Linux",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "V4.5.0.0",
                                "version_value": "V4.5.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CODESYS"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476 NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download=",
                  "refsource": "MISC",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22513",
        "datePublished": "2022-04-07T18:21:12.792Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:29:14.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9013 (GCVE-0-2019-9013)

    Vulnerability from cvelistv5 – Published: 2019-08-15 16:08 – Updated: 2024-08-04 21:31
    VLAI
    Summary
    An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-11T11:39:08.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-9013",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component are affected regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS V3 Simulation Runtime (part of the CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-04"
                },
                {
                  "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download=",
                  "refsource": "CONFIRM",
                  "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=12943\u0026token=d097958a67ba382de688916f77e3013c0802fade\u0026download="
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-9013",
        "datePublished": "2019-08-15T16:08:31.000Z",
        "dateReserved": "2019-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T21:31:37.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20025 (GCVE-0-2018-20025)

    Vulnerability from cvelistv5 – Published: 2019-02-19 21:00 – Updated: 2024-09-16 18:39
    VLAI
    Summary
    Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
    Severity
    No CVSS data available.
    CWE
    • Use of Insufficiently Random Values
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky Lab CODESYS V3 products Affected: prior V3.5.14.0
    Create a notification for this product.
    Date Public
    2018-12-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:51:18.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106251",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106251"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS V3 products",
              "vendor": "Kaspersky Lab",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior V3.5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Insufficiently Random Values",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-02T14:40:07.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "106251",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106251"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "DATE_PUBLIC": "2018-12-10T00:00:00",
              "ID": "CVE-2018-20025",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS V3 products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior V3.5.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky Lab"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Insufficiently Random Values"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106251",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106251"
                },
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2018-20025",
        "datePublished": "2019-02-19T21:00:00.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:39:11.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20026 (GCVE-0-2018-20026)

    Vulnerability from cvelistv5 – Published: 2019-02-19 21:00 – Updated: 2024-09-16 20:37
    VLAI
    Summary
    Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
    Severity
    No CVSS data available.
    CWE
    • Improper Communication Address Filtering
    Assigner
    Impacted products
    Vendor Product Version
    Kaspersky Lab CODESYS V3 products Affected: prior V3.5.14.0
    Create a notification for this product.
    Date Public
    2018-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:51:18.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106251",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106251"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CODESYS V3 products",
              "vendor": "Kaspersky Lab",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior V3.5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Communication Address Filtering",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-02T14:43:36.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "name": "106251",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106251"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "DATE_PUBLIC": "2018-12-19T00:00:00",
              "ID": "CVE-2018-20026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CODESYS V3 products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior V3.5.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky Lab"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Communication Address Filtering"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106251",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106251"
                },
                {
                  "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/",
                  "refsource": "MISC",
                  "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2018-20026",
        "datePublished": "2019-02-19T21:00:00.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:37:39.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10612 (GCVE-0-2018-10612)

    Vulnerability from cvelistv5 – Published: 2019-01-29 16:00 – Updated: 2024-09-17 02:32
    VLAI
    Summary
    In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROL CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    3S-Smart 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0 Affected: 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0
    Create a notification for this product.
    Date Public
    2018-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.237Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106248"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
              "vendor": "3S-Smart",
              "versions": [
                {
                  "status": "affected",
                  "version": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROL CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-30T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "106248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106248"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-12-18T00:00:00",
              "ID": "CVE-2018-10612",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "3S-Smart"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROL CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106248"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10612",
        "datePublished": "2019-01-29T16:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:32:49.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }