7.5

CVE-2022-30791

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CodesysControl For Beaglebone Version < 4.5.0.0
CodesysControl For Empc-a/imx6 Version < 4.5.0.0
CodesysControl For Iot2000 Sl Version < 4.6.0.0
CodesysControl For Linux Sl Version < 4.5.0.0
CodesysControl For Pfc100 Sl Version < 4.5.0.0
CodesysControl For Pfc200 Sl Version < 4.5.0.0
CodesysControl For Plcnext Version < 4.6.0.0
CodesysControl For Raspberry Pi Sl Version < 4.5.0.0
CodesysControl Rte Sl Version < 3.5.18.20
CodesysControl Rte Sl (for Beckhoff Cx) Version < 3.5.18.20
CodesysControl Runtime System Toolkit Version < 3.5.18.20
CodesysControl Win Version < 3.5.18.20
CodesysDevelopment System Version < 3.5.18.20
CodesysEdge Gateway SwPlatformwindows Version < 3.5.18.20
CodesysEdge Gateway SwPlatformlinux Version < 4.5.0.0
CodesysEmbedded Target Visu Toolkit Version < 3.5.18.20
CodesysGateway Version < 3.5.18.20
CodesysHmi Version < 3.5.18.20
CodesysRemote Target Visu Toolkit Version < 3.5.18.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.591
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
info@cert.vde.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.