CVE-2022-22514

EPSS 0.68%
Published 07.04.2022 19:15:08
Last modified 21.11.2024 06:46:56
Source info@cert.vde.com
Teams watchlist Login
Open Login

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Codesys ≫ Control For Beaglebone Sl Version < 4.5.0.0

Codesys ≫ Control For Beckhoff Cx9020 Version < 4.5.0.0

Codesys ≫ Control For Empc-a/imx6 Sl Version < 4.5.0.0

Codesys ≫ Control For Iot2000 Sl Version < 4.5.0.0

Codesys ≫ Control For Linux Sl Version < 4.5.0.0

Codesys ≫ Control For Pfc100 Sl Version < 4.5.0.0

Codesys ≫ Control For Pfc200 Sl Version < 4.5.0.0

Codesys ≫ Control For Plcnext Sl Version < 4.5.0.0

Codesys ≫ Control For Raspberry Pi Sl Version < 4.5.0.0

Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.5.0.0

Codesys ≫ Control Rte Sl Version < 3.5.18.0

Codesys ≫ Control Rte Sl (for Beckhoff Cx) Version < 3.5.18.0

Codesys ≫ Control Runtime System Toolkit Version < 3.5.18.0

Codesys ≫ Control Win Sl Version < 3.5.18.0

Codesys ≫ Development System Version >= 3.0 < 3.5.18.0

Codesys ≫ Edge Gateway SwPlatformwindows Version < 3.5.18.0

Codesys ≫ Edge Gateway SwPlatformlinux Version < 4.5.0.0

Codesys ≫ Embedded Target Visu Toolkit Version < 3.5.18.0

Codesys ≫ Gateway Version < 3.5.18.0

Codesys ≫ Hmi Sl Version < 3.5.18.0

Codesys ≫ Remote Target Visu Toolkit Version < 3.5.18.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.68%	0.707

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:N/I:P/A:P
info@cert.vde.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22514

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22514

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22514

EUVD