CVE-2022-47391 - OpenCVE

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Codesys	Control For Linux Sl Control For Plcnext Sl Control For Pfc200 Sl Control For Wago Touch Panels 600 Sl Control Win \(sl\) Control Rte \(sl\) Control Rte \(for Beckhoff Cx\) Sl Control For Raspberry Pi Sl Control For Iot2000 Sl Control For Beaglebone Sl Control Runtime System Toolkit Control For Empc-a\/imx6 Sl Hmi \(sl\) Control For Pfc100 Sl

Configuration 1 [-]

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
	cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl::::::::
	cpe:2.3:a:codesys:control_rte_\(sl\)::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win_\(sl\)::::::::
	cpe:2.3:a:codesys:hmi_\(sl\)::::::::

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-05-15T09:59:52.803Z

Updated: 2023-05-15T09:59:52.803Z

Reserved: 2022-12-14T06:03:27.265Z

Link: CVE-2022-47391

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-15T10:15:10.390

Modified: 2023-05-24T20:25:29.760

Link: CVE-2022-47391

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-47391", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-12-14T06:03:27.265Z", "datePublished": "2023-05-15T09:59:52.803Z", "dateUpdated": "2023-05-15T09:59:52.803Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Safety SIL2 Runtime Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Safety SIL2 PSP", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Edge Gateway for Windows", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Gateway", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["CmpDevice"], "product": "CODESYS Development System V3", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.19.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Edge Gateway for Linux", "vendor": "CODESYS", "versions": [{"lessThan": "V4.8.0.0", "status": "affected", "version": "V0.0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Vladimir Tokarev, Microsoft"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."}], "value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-05-15T09:59:52.803Z"}, "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download="}], "source": {"discovery": "EXTERNAL"}, "title": "CODESYS: Multiple products prone to Improper Input Validation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "194E2F1E-C70A-429E-B61C-B70902A6CDA7", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEFBC44F-0969-4806-AABD-B02DFEBF8F01", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C405ECA-126C-4110-A18A-787D11377CE6", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7047C70D-268D-45B7-A095-39B5A8345ACB", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "38F84368-415F-4C37-A988-C8DB540F1345", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0B6F1D2-8408-4172-B3E9-7C276CC71433", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "94383C92-CBC7-4941-B06C-00D889316FEF", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1785F440-BA92-4F37-9A72-F4AC971B3B8A", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A320BED3-0F2F-45C0-9D74-8A21158B8ED9", "versionEndExcluding": "4.7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BF25557-407B-4FD3-9694-92159C8094B8", "versionEndExcluding": "3.5.18.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "5BC8B234-3EC0-4737-8E12-CAA349FC7962", "versionEndExcluding": "3.5.18.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C5905D5-B99C-4995-BEC7-A0E01D9E014B", "versionEndExcluding": "3.5.18.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "34100446-7766-42D7-ACC4-D9C3193797C8", "versionEndExcluding": "3.5.18.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7CEA77-B831-4047-BA85-B587DDF25C7C", "versionEndExcluding": "3.5.18.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."}], "id": "CVE-2022-47391", "lastModified": "2023-05-24T20:25:29.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2023-05-15T10:15:10.390", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "info@cert.vde.com", "type": "Primary"}]}