CVE-2022-32143 (GCVE-0-2022-32143)

Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 17:28
VLAI?
Summary
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
CODESYS Runtime Toolkit Affected: V2 , < V2.4.7.57 (custom)
Create a notification for this product.
    CODESYS PLCWinNT Affected: V2 , < V2.4.7.57 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32 bit"
          ],
          "product": "Runtime Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.57",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PLCWinNT",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V2.4.7.57",
              "status": "affected",
              "version": "V2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-24T07:46:30",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CODESYS runtime system prone to directory acces",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2022-06-15T08:12:00.000Z",
          "ID": "CVE-2022-32143",
          "STATE": "PUBLIC",
          "TITLE": "CODESYS runtime system prone to directory acces"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Runtime Toolkit",
                      "version": {
                        "version_data": [
                          {
                            "platform": "32 bit",
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.4.7.57"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PLCWinNT",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "V2",
                            "version_value": "V2.4.7.57"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "CODESYS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552 Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=",
              "refsource": "CONFIRM",
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download="
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-32143",
    "datePublished": "2022-06-24T07:46:30.133019Z",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-09-16T17:28:17.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndExcluding\": \"2.4.7.57\", \"matchCriteriaId\": \"2B26FF87-3FCD-496E-97C5-A1E4F6AACCB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*\", \"versionStartIncluding\": \"2.0\", \"versionEndExcluding\": \"2.4.7.57\", \"matchCriteriaId\": \"CF74E74E-4EF8-4C84-A9A1-612AB7FC88BA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required\"}, {\"lang\": \"es\", \"value\": \"En Diversos productos CODESYS, la funci\\u00f3n de descarga y carga de archivos permite el acceso a archivos internos en el directorio de trabajo, por ejemplo, archivos de firmware del PLC. Todas las peticiones son procesadas en el controlador s\\u00f3lo si no presenta una contrase\\u00f1a de nivel 1 configurada en el controlador o si el atacante remoto ha sido autenticado previamente con \\u00e9xito en el controlador. Un ataque con \\u00e9xito puede conllevar a una denegaci\\u00f3n de servicio, la modificaci\\u00f3n de los archivos locales o un filtrado de informaci\\u00f3n confidencial. No es requerida una interacci\\u00f3n del usuario\"}]",
      "id": "CVE-2022-32143",
      "lastModified": "2024-11-21T07:05:50.140",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-24T08:15:08.167",
      "references": "[{\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "info@cert.vde.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32143\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-06-24T08:15:08.167\",\"lastModified\":\"2024-11-21T07:05:50.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required\"},{\"lang\":\"es\",\"value\":\"En Diversos productos CODESYS, la funci\u00f3n de descarga y carga de archivos permite el acceso a archivos internos en el directorio de trabajo, por ejemplo, archivos de firmware del PLC. Todas las peticiones son procesadas en el controlador s\u00f3lo si no presenta una contrase\u00f1a de nivel 1 configurada en el controlador o si el atacante remoto ha sido autenticado previamente con \u00e9xito en el controlador. Un ataque con \u00e9xito puede conllevar a una denegaci\u00f3n de servicio, la modificaci\u00f3n de los archivos locales o un filtrado de informaci\u00f3n confidencial. No es requerida una interacci\u00f3n del usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.4.7.57\",\"matchCriteriaId\":\"2B26FF87-3FCD-496E-97C5-A1E4F6AACCB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.4.7.57\",\"matchCriteriaId\":\"CF74E74E-4EF8-4C84-A9A1-612AB7FC88BA\"}]}]}],\"references\":[{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.