FKIE_CVE-2022-47388

Vulnerability from fkie_nvd - Published: 2023-05-15 10:15 - Updated: 2025-07-17 13:09
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
References
info@cert.vde.comhttps://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=Vendor Advisory
Impacted products
Vendor Product Version
codesys control_for_beaglebone_sl *
codesys control_for_empc-a\/imx6_sl *
codesys control_for_iot2000_sl *
codesys control_for_linux_sl *
codesys control_for_pfc100_sl *
codesys control_for_pfc200_sl *
codesys control_for_plcnext_sl *
codesys control_for_raspberry_pi_sl *
codesys control_for_wago_touch_panels_600_sl *
codesys control_rte_\(for_beckhoff_cx\)_sl *
codesys control_rte_\(sl\) *
codesys control_runtime_system_toolkit *
codesys control_win_\(sl\) *
codesys development_system_v3 *
codesys hmi_\(sl\) *
codesys safety_sil2_psp *
codesys safety_sil2_runtime_toolkit *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A50DA7-2372-470C-A4DD-29837A4D428A",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADC5883-5087-45E0-95E2-3D414C6417DF",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178B980-82CC-4A30-B278-A4D1F319D678",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFD0474-DCBC-4F9E-BE1B-7BDCCB9D801F",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D99F13-9297-4812-90AD-3EB43276D344",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F2E302-39C1-4674-A2BE-A6D1D761B4E2",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8FBED1-D729-4E07-A644-70D8FC87E965",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EF8A8D-8A5F-4E7B-A14A-BFEE3297E3B5",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA9F089-875B-4A90-A818-1BD06602D7E4",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A18AA8-CDF4-4664-906F-76060AFED925",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "725E570C-6F46-4526-90B5-F4CAF70A7688",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD993BD6-B52E-4BA7-A7D7-A0EBE7FDEDEF",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA9CDA8-4FA0-4258-B477-D2C8DBDD8B2F",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC41CB40-21CD-4621-9B23-9BF8E0AE93E3",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664BC1C-889F-4A54-8E81-AB60B0D4D93B",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49220E0D-3DD6-492B-BD58-C4951D7D2B75",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF04E45-90A5-47FB-8101-9A56BD4F9C3F",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
    },
    {
      "lang": "es",
      "value": "Un atacante remoto autenticado puede usar una vulnerabilidad de escritura fuera de los l\u00edmites basada en la pila en el componente CmpTraceMgr de m\u00faltiples productos CODESYS en m\u00faltiples versiones para escribir datos en la pila, lo que puede provocar una condici\u00f3n de denegaci\u00f3n de servicio, sobrescritura de memoria o ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2022-47388",
  "lastModified": "2025-07-17T13:09:43.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-15T10:15:10.157",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.