Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to CODESYS - Control Win (SL)

cve-2022-4224

Vulnerability from cvelistv5

Published
2023-03-23 11:15
Modified
2024-08-03 01:34
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
References
▼	URL	Tags
	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download=
Impacted products
▼	Vendor	Product
	CODESYS	Control RTE (SL)
	CODESYS	Control RTE (for Beckhoff CX) SL
	CODESYS	Control Win (SL)
	CODESYS	Runtime Toolkit
	CODESYS	Safety SIL2 Runtime Toolkit
	CODESYS	Safety SIL2 PSP
	CODESYS	HMI (SL)
	CODESYS	Development System V3
	CODESYS	Control for BeagleBone SL
	CODESYS	Control for emPC-A/iMX6 SL
	CODESYS	Control for IOT2000 SL
	CODESYS	Control for Linux SL
	CODESYS	Control for PFC100 SL
	CODESYS	Control for PFC200 SL
	CODESYS	Control for PLCnext SL
	CODESYS	Control for Raspberry Pi SL
	CODESYS	Control for WAGO Touch Panels 600 SL
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:34:49.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Control RTE (SL) ",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control RTE (for Beckhoff CX) SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control Win (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " Runtime Toolkit ",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Safety SIL2 Runtime Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Safety SIL2 PSP",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HMI (SL) ",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Development System V3",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "3.5.19.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " Control for BeagleBone SL ",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for emPC-A/iMX6 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for IOT2000 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Linux SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " Control for PFC100 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " Control for PFC200 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for PLCnext SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for Raspberry Pi SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Control for WAGO Touch Panels 600 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "4.8.0.0",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Reid Wightman of Dragos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
            }
          ],
          "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-09T10:47:13.144Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download="
        }
      ],
      "source": {
        "defect": [
          "CERT@VDE#64318"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "CODESYS:  Exposure of Resource to Wrong Sphere in CODESYS V3",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-4224",
    "datePublished": "2023-03-23T11:15:37.014Z",
    "dateReserved": "2022-11-30T06:54:13.183Z",
    "dateUpdated": "2024-08-03T01:34:49.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}