CVE-2022-4224 - OpenCVE

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Control For Linux Sl Control For Plcnext Sl Control Rte Sl Control For Pfc200 Sl Control For Wago Touch Panels 600 Sl Control For Raspberry Pi Sl Control For Iot2000 Sl Control For Beaglebone Sl Safety Sil2 Control Rte Sl \(for Beckhoff Cx\) Runtime Toolkit Control For Empc-a\/imx6 Sl Development System Hmi Sl Control Win Sl Control For Pfc100 Sl

Configuration 1 [-]

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:development_system::::::::
	cpe:2.3:a:codesys:hmi_sl::::::::
	cpe:2.3:a:codesys:runtime_toolkit::::::::
	cpe:2.3:a:codesys:safety_sil2::::::::

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download=	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-03-23T11:15:37.014Z

Updated: 2023-08-09T10:47:13.144Z

Reserved: 2022-11-30T06:54:13.183Z

Link: CVE-2022-4224

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-23T12:15:12.990

Modified: 2024-02-01T15:11:55.377

Link: CVE-2022-4224

JSON object: View

Redhat Information

No data.

CWE

CWE-1188

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-4224", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-11-30T06:54:13.183Z", "datePublished": "2023-03-23T11:15:37.014Z", "dateUpdated": "2023-08-09T10:47:13.144Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Control RTE (SL) ", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control Win (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": " Runtime Toolkit ", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Safety SIL2 Runtime Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Safety SIL2 PSP", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "HMI (SL) ", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Development System V3", "vendor": "CODESYS", "versions": [{"lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": " Control for BeagleBone SL ", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for IOT2000 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for Linux SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": " Control for PFC100 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": " Control for PFC200 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for PLCnext SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [{"lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device."}], "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-08-09T10:47:13.144Z"}, "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download="}], "source": {"defect": ["CERT@VDE#64318"], "discovery": "EXTERNAL"}, "title": "CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "40CAED29-E204-459D-8AFC-F814E68FAB9A", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E9691E-E67A-4D59-9152-3731DD381CF4", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5FC8BEB-DB37-4486-BAFD-16B82F331F9C", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2821B72-748A-4B3E-BD8B-E55C92A1A166", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "680C2604-3774-43D2-9DDE-38A0F593BFF3", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4B2CB47-68F3-4C17-8D61-88F655CF19ED", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E3514C8-F513-4576-8F6D-DDB193E3B947", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "5059640A-05F0-4D59-9682-BC09F155527C", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7D13CFF-F753-430B-9E03-F3F24066B529", "versionEndExcluding": "4.8.0.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C27B4D20-FDE3-4003-97BD-F43EE147AD6A", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "63A8AFF5-3CC8-43FA-A9D3-A6A53FAF15FC", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1A44FED-CFBB-454A-B8E8-FC11A996488F", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "8297903A-80E1-4FA7-B552-672B94B6B6B4", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "57C60464-F6BB-431A-AD96-32B07FD99948", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "0032B82B-21B9-4006-A7E4-CD5B92962136", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7181873-775F-43A6-BDBB-DBB2879C7D4D", "versionEndExcluding": "3.5.19.0", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."}], "id": "CVE-2022-4224", "lastModified": "2024-02-01T15:11:55.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2023-03-23T12:15:12.990", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "info@cert.vde.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Secondary"}]}