CVE-2022-4046

Summary

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control for BeagleBone SLallaffected
CODESYSCODESYS Control for emPC-A/iMX6 SLallaffected
CODESYSCODESYS Control for IOT2000 SLallaffected
CODESYSCODESYS Control for Linux SLallaffected
CODESYSCODESYS Control for PFC100 SLallaffected
CODESYSCODESYS Control for PFC200 SLallaffected
CODESYSCODESYS Control for PLCnext SLallaffected
CODESYSCODESYS Control for Raspberry Pi SLallaffected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLallaffected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLallaffected
CODESYSCODESYS Control RTE (SL)allaffected
CODESYSCODESYS Control Runtime System Toolkitallaffected
CODESYSCODESYS Control Win (SL)allaffected
CODESYSCODESYS HMI (SL)allaffected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References