CVE-2022-22515
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD (Secondary)
Description
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
Affected (18)
Products: Codesys: Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc A/imx6 Sl, Control For Iot2000 Sl, Control For Linux Sl, Control For Pfc100 Sl, Control For Pfc200 Sl, Control For Plcnext Sl, Control For Raspberry Pi Sl, Control For Wago Touch Panels 600 Sl, Control Rte Sl, Control Rte Sl (for Beckhoff Cx), Control Runtime System Toolkit, Control Win Sl, Development System, Embedded Target Visu Toolkit, Hmi Sl, Remote Target Visu Toolkit
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 4.5.0.0 | |
| Before 3.5.18.0 | |
| Before 3.5.18.0 | |
| Before 3.5.18.0 | |
| Before 3.5.18.0 | |
| From 3.0 to 3.5.18.0 | |
| Before 3.5.18.0 | |
| Before 3.5.18.0 | |
| Before 3.5.18.0 |
References (2)
Source: info@cert.vde.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.