CVE-2022-22508

Summary

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.

Affected Software

VendorProductVersion RangeStatus
CODESYS V3CODESYS Control RTE (SL)V0.0.0.0 < V3.5.18.40affected
CODESYS V3CODESYS Control RTE (for Beckhoff CX) SLV0.0.0.0 < V3.5.18.40affected
CODESYS V3CODESYS Control Win (SL)V0.0.0.0 < V3.5.18.40affected
CODESYS V3CODESYS HMI (SL)V0.0.0.0 < V3.5.18.40affected
CODESYS V3CODESYS Control Runtime System ToolkitV0.0.0.0 < V3.5.18.40affected
CODESYS V3CODESYS Control for BeagleBone SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for emPC-A/iMX6 SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for IOT2000 SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for Linux SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for PFC100 SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for PFC200 SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for PLCnext SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for Raspberry Pi SLV0.0.0.0 < V4.7.0.0affected
CODESYS V3CODESYS Control for WAGO Touch Panels 600 SLV0.0.0.0 < V4.7.0.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References