CVE-2022-22518 - OpenCVE

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Control For Beckhoff Cx9020 Control For Linux Sl Control For Pfc200 Sl Control For Wago Touch Panels 600 Sl Control For Raspberry Pi Sl Control For Iot2000 Sl Control For Beaglebone Sl Control Runtime System Toolkit Control For Empc-a\/imx6 Sl Control For Pfc100 Sl

Configuration 1 [-]

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_beckhoff_cx9020::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download=	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-04-06T00:00:00

Updated: 2022-05-12T07:45:30

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22518

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-07T19:15:08.357

Modified: 2022-05-12T19:42:28.817

Link: CVE-2022-22518

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for Beckhoff CX9020 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V4.5.0.0", "versionType": "custom"}]}, {"product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.0", "status": "affected", "version": "V3.5.18.0", "versionType": "custom"}]}], "datePublic": "2022-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-12T07:45:30", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download="}], "source": {"discovery": "UNKNOWN"}, "title": "A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy.", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-04-06T10:00:00.000Z", "ID": "CVE-2022-22518", "STATE": "PUBLIC", "TITLE": "A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS Control for BeagleBone SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for Beckhoff CX9020 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for emPC-A/iMX6 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for IOT2000 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for Linux SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for PFC100 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for PFC200 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for Raspberry Pi SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for WAGO Touch Panels 600 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V4.5.0.0", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control Runtime System Toolkit", "version": {"version_data": [{"version_affected": "<", "version_name": "V3.5.18.0", "version_value": "V3.5.18.0"}]}}]}, "vendor_name": "CODESYS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-276 Incorrect Default Permissions"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download="}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-22518", "datePublished": "2022-04-06T00:00:00", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2022-05-12T07:45:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6EFFE98-C633-4C31-9FDA-F88C4CE7A04B", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*", "matchCriteriaId": "6492A42C-B284-4981-9DA0-6CCDA56987FD", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "471215BE-80E8-4191-BD3A-863E62FDD021", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C97B5A4-BCA2-4B0F-9A06-676F0AA0D55A", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "E50B1160-AC34-435E-8761-92AD66CC20BF", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC0DF7A9-11CA-4622-8C9F-89AB063E26D2", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1320EE2C-DE77-4E23-A7C6-0579886C83B7", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D57C6EB7-AF27-4FEF-9202-4235D28CEA9B", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "96A593C8-0EFE-46F1-B80C-F2FB909FC890", "versionEndExcluding": "4.5.0.0", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9D653AF-79DA-4975-973D-1054069A5D13", "versionEndExcluding": "3.5.18.0", "versionStartIncluding": "3.5.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy."}, {"lang": "es", "value": "Un error en el componente CmpUserMgr puede conllevar a una aplicaci\u00f3n parcial de las pol\u00edticas de seguridad. Esto puede resultar en un acceso habilitado y an\u00f3nimo a componentes que forman parte de la pol\u00edtica de seguridad aplicada"}], "id": "CVE-2022-22518", "lastModified": "2022-05-12T19:42:28.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-04-07T19:15:08.357", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695843bb42084dc63d5bdf553ca02ea393&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "info@cert.vde.com", "type": "Secondary"}]}