CVE-2022-47391

Summary

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control Win (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control Runtime System ToolkitV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Safety SIL2 Runtime ToolkitV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Safety SIL2 PSPV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Edge Gateway for WindowsV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS GatewayV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS HMI (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Development System V3V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control for BeagleBone SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for IOT2000 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for Linux SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PFC100 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PFC200 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PLCnext SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Edge Gateway for LinuxV0.0.0.0 < V4.8.0.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References