CVE-2022-22516

Published: Apr 7, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

Affected (4)

Products: Codesys: Control Rte Sl, Control Rte Sl (for Beckhoff Cx), Control Win Sl, Development System

Codesys

4 products

Control Rte Sl

Control Rte Sl (for Beckhoff Cx)

Control Win Sl

Development System

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Codesys Control Rte Sl	Before 3.5.18.0
Codesys Control Rte Sl (for Beckhoff Cx)	Before 3.5.18.0
Codesys Control Win Sl	Before 3.5.18.0
Codesys Development System	Before 3.5.18.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=

Source: info@cert.vde.com

Vendor Advisory

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.