CVE-2022-22514

Summary

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Win (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS GatewayV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Edge Gateway for WindowsV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS HMI (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Development System V3V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Runtime System ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Embedded Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Remote Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control for BeagleBone SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PLCnext SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Edge Gateway for LinuxV4.5.0.0 < V4.5.0.0affected

Weaknesses

  • CWE-822: CWE-822: Untrusted Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

References