CVE-2022-47382

Summary

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control Win (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control Runtime System ToolkitV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Safety SIL2 Runtime ToolkitV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Safety SIL2 PSPV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS HMI (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Development System V3V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control for BeagleBone SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for IOT2000 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for Linux SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PFC100 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PFC200 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PLCnext SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV0.0.0.0 < V4.8.0.0affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References