CVE-2022-22519

Summary

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Win (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS HMI (SL)V3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control Runtime System ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Embedded Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Remote Target Visu ToolkitV3.5.18.0 < V3.5.18.0affected
CODESYSCODESYS Control for BeagleBone SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for PLCnext SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV4.5.0.0 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV4.5.0.0 < V4.5.0.0affected

Weaknesses

  • CWE-126: CWE-126 Buffer Over-read

ADP Enrichment

CVE Program Container

Additional References

References