CVE-2022-47392

EPSS 0.27%
Veröffentlicht 15.05.2023 11:15:08
Zuletzt bearbeitet 17.07.2025 13:10:35
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codesys ≫ Control For Beaglebone Sl Version < 4.8.0.0

Codesys ≫ Control For Iot2000 Sl Version < 4.8.0.0

Codesys ≫ Control For Linux Sl Version < 4.8.0.0

Codesys ≫ Control For Pfc100 Sl Version < 4.8.0.0

Codesys ≫ Control For Pfc200 Sl Version < 4.8.0.0

Codesys ≫ Control For Plcnext Sl Version < 4.8.0.0

Codesys ≫ Control For Raspberry Pi Sl Version < 4.8.0.0

Codesys ≫ Control For Wago Touch Panels 600 Sl Version < 4.8.0.0

Codesys ≫ Control Runtime System Toolkit Version < 3.5.19.0

Codesys ≫ Development System V3 Version < 3.5.19.0

Codesys ≫ Safety Sil2 Psp Version < 3.5.19.0

Codesys ≫ Safety Sil2 Runtime Toolkit Version < 3.5.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.498

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
info@cert.vde.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-47392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47392

EUVD