6.5

CVE-2022-32136

Codesys runtime systems: Access of uninitialised pointer lead to denial of service.

In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CodesysPlcwinnt Version >= 2.0 < 2.4.7.57
CodesysRuntime Toolkit HwPlatformx86 Version >= 2.0 < 2.4.7.57
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.566
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
info@cert.vde.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=
Vendor Advisory
Mitigation