8.8
CVE-2022-4224
- EPSS 0.6%
- Published 23.03.2023 12:15:12
- Last modified 21.11.2024 07:34:49
- Source info@cert.vde.com
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
Data is provided by the National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Empc-a/imx6 Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Iot2000 Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Linux Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Pfc100 Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Pfc200 Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Plcnext Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Raspberry Pi Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version >= 3.0 < 4.8.0.0
Codesys ≫ Control Rte Sl Version >= 3.0 < 3.5.19.0
Codesys ≫ Control Rte Sl (for Beckhoff Cx) Version >= 3.0 < 3.5.19.0
Codesys ≫ Control Win Sl Version >= 3.0 < 3.5.19.0
Codesys ≫ Development System Version >= 3.0 < 3.5.19.0
Codesys ≫ Runtime Toolkit Version >= 3.0 < 3.5.19.0
Codesys ≫ Safety Sil2 Version >= 3.0 < 3.5.19.0
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.6% | 0.668 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
info@cert.vde.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.