CVE-2022-22517

Summary

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Win (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS GatewayV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Edge Gateway for WindowsV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS HMI (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Development System V3V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Runtime System ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Embedded Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Remote Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control for BeagleBone SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PLCnext SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Edge Gateway for LinuxV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS OPC DA Server SLV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS PLCHandlerV3.5.18.0 < V3.5.18.0affected

Weaknesses

  • CWE-334: CWE-334 Small Space of Random Values

ADP Enrichment

CVE Program Container

Additional References

References