CVE-2022-22513

Summary

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Win (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS GatewayV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Edge Gateway for WindowsV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS HMI (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Development System V3V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Runtime System ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Embedded Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Remote Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control for BeagleBone SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PLCnext SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Edge Gateway for LinuxV4.5.0.0 < V4.5.0.0affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

References