CVE-2022-47392

Summary

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Control RTE (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control RTE (for Beckhoff CX) SLV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control Win (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control Runtime System ToolkitV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Safety SIL2 Runtime ToolkitV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Safety SIL2 PSPV0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS HMI (SL)V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Development System V3V0.0.0.0 < V3.5.19.0affected
CODESYSCODESYS Control for BeagleBone SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for emPC-A/iMX6 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for IOT2000 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for Linux SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PFC100 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PFC200 SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for PLCnext SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for Raspberry Pi SLV0.0.0.0 < V4.8.0.0affected
CODESYSCODESYS Control for WAGO Touch Panels 600 SLV0.0.0.0 < V4.8.0.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References