CVE-2022-30791

Summary

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V3 < V3.5.18.20affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV3 < V3.5.18.20affected
CODESYSCODESYS Control Win (SL)V3 < V3.5.18.20affected
CODESYSCODESYS GatewayV3 < V3.5.18.20affected
CODESYSCODESYS Edge Gateway for WindowsV3 < V3.5.18.20affected
CODESYSCODESYS HMI (SL)V3 < V3.5.18.20affected
CODESYSCODESYS Development System V3V3 < V3.5.18.10affected
CODESYSCODESYS Control Runtime System ToolkitV3 < V3.5.18.20affected
CODESYSCODESYS Embedded Target Visu ToolkitV3 < V3.5.18.20affected
CODESYSCODESYS Remote Target Visu ToolkitV3 < V3.5.18.20affected
CODESYSCODESYS Control for BeagleBone SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for Beckhoff CX9020 SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for IOT2000 SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for Linux SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for PFC100 SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for PFC200 SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for PLCnext SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV3 < V4.5.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV3 < V4.5.0.0affected
CODESYSCODESYS Edge Gateway for LinuxV3 < V4.5.0.0affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References