Lucene search

[email protected]NVD:CVE-2022-4046

HistoryAug 03, 2023 - 1:15 p.m.

CVE-2022-4046

2023-08-0313:15:09

CWE-119

[email protected]

web.nvd.nist.gov

codesys control

memory buffer

remote attacker

user privileges

device access

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.

Affected configurations

NVD

Node

codesyscontrol_for_beaglebone_sl

codesyscontrol_for_empc-a\/imx6_sl

codesyscontrol_for_iot2000_sl

codesyscontrol_for_linux_sl

codesyscontrol_for_pfc100_sl

codesyscontrol_for_pfc200_sl

codesyscontrol_for_plcnext_sl

codesyscontrol_for_raspberry_pi_sl

codesyscontrol_for_wago_touch_panels_600_sl

codesyscontrol_rte_sl

codesyscontrol_rte_sl_\(for_beckhoff_cx\)

codesyscontrol_runtime_system_toolkit

codesyscontrol_win_sl

codesyshmi_sl

References

cert.vde.com/en/advisories/VDE-2023-025/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

Related for NVD:CVE-2022-4046

cve1 prion1 cvelist1