Lucene search
HistoryAug 03, 2023 - 1:15 p.m.
CVE-2022-4046
codesys
control
remote attacker
gain full access
cve-2022-4046
security vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.5%
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
Affected configurations
Node
codesyscontrol_for_beaglebone_sl
ORcodesyscontrol_for_empc-a\/imx6_sl
ORcodesyscontrol_for_iot2000_sl
ORcodesyscontrol_for_linux_sl
ORcodesyscontrol_for_pfc100_sl
ORcodesyscontrol_for_pfc200_sl
ORcodesyscontrol_for_plcnext_sl
ORcodesyscontrol_for_raspberry_pi_sl
ORcodesyscontrol_for_wago_touch_panels_600_sl
ORcodesyscontrol_rte_sl
ORcodesyscontrol_rte_sl_\(for_beckhoff_cx\)
ORcodesyscontrol_runtime_system_toolkit
ORcodesyscontrol_win_sl
ORcodesyshmi_sl
CNA Affected
[
{
"defaultStatus": "affected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "affected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
]References
Related
prion
prion
Out-of-bounds
2023-08-03 13:15:00
cvelist
cvelist
CVE-2022-4046 CODESYS: Improper memory restrictions fro CODESYS Control
2023-08-03 12:39:44
nvd
nvd
CVE-2022-4046
2023-08-03 13:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.5%
Related for CVE-2022-4046