8.1
CVE-2022-22515
- EPSS 0.09%
- Published 07.04.2022 19:15:08
- Last modified 21.11.2024 06:46:56
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
Data is provided by the National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version < 4.5.0.0
Codesys ≫ Control For Beckhoff Cx9020 Version < 4.5.0.0
Codesys ≫ Control For Empc-a/imx6 Sl Version < 4.5.0.0
Codesys ≫ Control For Iot2000 Sl Version < 4.5.0.0
Codesys ≫ Control For Linux Sl Version < 4.5.0.0
Codesys ≫ Control For Pfc100 Sl Version < 4.5.0.0
Codesys ≫ Control For Pfc200 Sl Version < 4.5.0.0
Codesys ≫ Control For Plcnext Sl Version < 4.5.0.0
Codesys ≫ Control For Raspberry Pi Sl Version < 4.5.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.5.0.0
Codesys ≫ Control Rte Sl Version < 3.5.18.0
Codesys ≫ Control Rte Sl (for Beckhoff Cx) Version < 3.5.18.0
Codesys ≫ Control Runtime System Toolkit Version < 3.5.18.0
Codesys ≫ Control Win Sl Version < 3.5.18.0
Codesys ≫ Development System Version >= 3.0 < 3.5.18.0
Codesys ≫ Embedded Target Visu Toolkit Version < 3.5.18.0
Codesys ≫ Remote Target Visu Toolkit Version < 3.5.18.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.268 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:P/I:P/A:N
|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| info@cert.vde.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.