CVE-2022-22510 - OpenCVE

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Profinet

Configuration 1 [-]

cpe:2.3:a:codesys:profinet:4.2.0.0:*:*:*:*:*:*:*

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17020&token=9acf91a2b5e1719ff71a019e86c3e8e411bfd252&download=	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-01-31T00:00:00

Updated: 2022-02-02T12:26:13

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22510

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-02T13:15:08.460

Modified: 2022-02-04T21:45:10.507

Link: CVE-2022-22510

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "This vulnerability was found internally."}], "datePublic": "2022-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-02T12:26:13", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17020&token=9acf91a2b5e1719ff71a019e86c3e8e411bfd252&download="}], "solutions": [{"lang": "en", "value": "Update to CODESYS PROFINET V4.2.1.0"}], "source": {"advisory": "Advisory 2022-01", "discovery": "INTERNAL"}, "title": "CODESYS: Null Pointer Dereference in CODESYS PROFINET stack", "workarounds": [{"lang": "en", "value": "CODESYS GmbH recommends using the available software update to fix the vulnerability."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-01-31T10:00:00.000Z", "ID": "CVE-2022-22510", "STATE": "PUBLIC", "TITLE": "CODESYS: Null Pointer Dereference in CODESYS PROFINET stack"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "This vulnerability was found internally."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17020&token=9acf91a2b5e1719ff71a019e86c3e8e411bfd252&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17020&token=9acf91a2b5e1719ff71a019e86c3e8e411bfd252&download="}]}, "solution": [{"lang": "en", "value": "Update to CODESYS PROFINET V4.2.1.0"}], "source": {"advisory": "Advisory 2022-01", "discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "CODESYS GmbH recommends using the available software update to fix the vulnerability."}]}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-22510", "datePublished": "2022-01-31T00:00:00", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2022-02-02T12:26:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:profinet:4.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23ACC8CE-F7CF-4E29-97C3-C9A1959D5D03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP."}, {"lang": "es", "value": "Codesys Profinet en versi\u00f3n V4.2.0.0, es propenso a una desreferencia de puntero null que permite un ataque de denegaci\u00f3n de servicio (DoS) de un usuario no autenticado por medio de SNMP"}], "id": "CVE-2022-22510", "lastModified": "2022-02-04T21:45:10.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2022-02-02T13:15:08.460", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17020&token=9acf91a2b5e1719ff71a019e86c3e8e411bfd252&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}