CVE-2022-22515

Summary

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V3 < V3.5.17.40affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV3 < V3.5.17.40affected
CODESYSCODESYS Control Win (SL)V3 < V3.5.17.40affected
CODESYSCODESYS HMI (SL)V3 < V3.5.17.40affected
CODESYSCODESYS Development System V3V3 < V3.5.17.40affected
CODESYSCODESYS Control Runtime System ToolkitV3 < V3.5.17.40affected
CODESYSCODESYS Embedded Target Visu ToolkitV3 < V3.5.17.40affected
CODESYSCODESYS Remote Target Visu ToolkitV3 < V3.5.17.40affected
CODESYSCODESYS Control for BeagleBone SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for PLCnext SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV4 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV4 < V4.5.0.0affected

Weaknesses

  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

References