CVE-2022-47391

EPSS 0.47%
Veröffentlicht 15.05.2023 10:15:10
Zuletzt bearbeitet 17.07.2025 13:10:20
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codesys ≫ Control For Beaglebone Sl Version < 4.8.0.0

Codesys ≫ Control For Iot2000 Sl Version < 4.8.0.0

Codesys ≫ Control For Linux Sl Version < 4.8.0.0

Codesys ≫ Control For Pfc100 Sl Version < 4.8.0.0

Codesys ≫ Control For Pfc200 Sl Version < 4.8.0.0

Codesys ≫ Control For Plcnext Sl Version < 4.8.0.0

Codesys ≫ Control For Raspberry Pi Sl Version < 4.8.0.0

Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.8.0.0

Codesys ≫ Control Runtime System Toolkit Version < 3.5.19.0

Codesys ≫ Development System V3 Version < 3.5.19.0

Codesys ≫ Safety Sil2 Psp Version < 3.5.19.0

Codesys ≫ Safety Sil2 Runtime Toolkit Version < 3.5.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.636

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-47391

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47391

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47391

EUVD