6.5
CVE-2022-47378
- EPSS 0.35%
- Published 15.05.2023 10:15:09
- Last modified 17.07.2025 12:38:13
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
Data is provided by the National Vulnerability Database (NVD)
Codesys ≫ Control For Beaglebone Sl Version < 4.8.0.0
Codesys ≫ Control For Iot2000 Sl Version < 4.8.0.0
Codesys ≫ Control For Linux Sl Version < 4.8.0.0
Codesys ≫ Control For Pfc100 Sl Version < 4.8.0.0
Codesys ≫ Control For Pfc200 Sl Version < 4.8.0.0
Codesys ≫ Control For Plcnext Sl Version < 4.8.0.0
Codesys ≫ Control For Raspberry Pi Sl Version < 4.8.0.0
Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.8.0.0
Codesys ≫ Control Runtime System Toolkit Version < 3.5.19.0
Codesys ≫ Development System V3 Version < 3.5.19.0
Codesys ≫ Safety Sil2 Psp Version < 3.5.19.0
Codesys ≫ Safety Sil2 Runtime Toolkit Version < 3.5.19.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.561 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| info@cert.vde.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.