CVE-2022-22517
Base score: 7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed.
Affected (21)
Products: CODESYS: Control for BeagleBone SL, Control for Beckhoff CX9020, Control for emPC-A/iMX6 SL, Control for IOT2000 SL, Control for Linux SL, Control for PFC100 SL, Control for PFC200 SL, Control for PLCnext SL, Control for Raspberry Pi SL, Control for WAGO Touch Panels 600 SL, Control RTE SL, Control RTE SL (for Beckhoff CX), Control Runtime System Toolkit, Control Win SL, Development System, Edge Gateway, Embedded Target Visu Toolkit, Gateway, HMI SL, Remote Target Visu Toolkit
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 4.5.0.0 |
| | Before 3.5.18.0 |
| | Before 3.5.18.0 |
| | Before 3.5.18.0 |
| | Before 3.5.18.0 |
| | From 3.0 to 3.5.18.0 |
| | Before 4.5.0.0 |
| | Before 3.5.18.0 |
| | Before 3.5.18.0 |
| | Before 3.5.18.0 |
| | Before 3.5.18.0 |
Related CWEs
CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
CWE-334
Small Space of Random Values
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
References (2)
Source: info@cert.vde.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory