CVE-2022-22518

Summary

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control for BeagleBone SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control Runtime System ToolkitV3.5.18.0 < V3.5.18.0affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References