CVE-2022-22519
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A remote, unauthenticated attacker can send specifically crafted HTTP or HTTPS requests that cause a buffer over-read, resulting in a crash of the webserver of the CODESYS Control runtime system.
Affected (18)
Products: Codesys: Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc A/imx6 Sl, Control For Iot2000 Sl, Control For Linux Sl, Control For Pfc100 Sl, Control For Pfc200 Sl, Control For Plcnext Sl, Control For Raspberry Pi Sl, Control For Wago Touch Panels 600 Sl, Control Rte Sl, Control Rte Sl (for Beckhoff Cx), Control Runtime System Toolkit, Control Win Sl, Development System, Embedded Target Visu Toolkit, Hmi Sl, Remote Target Visu Toolkit
Configuration A
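| Vulnerable Software | Affected Versions |
|---|---|
| Control For Beaglebone Sl | Before 4.5.0.0 |
| Control For Beckhoff Cx9020 | Before 4.5.0.0 |
| Control For Empc A/imx6 Sl | Before 4.5.0.0 |
| Control For Iot2000 Sl | Before 4.5.0.0 |
| Control For Linux Sl | Before 4.5.0.0 |
| Control For Pfc100 Sl | Before 4.5.0.0 |
| Control For Pfc200 Sl | Before 4.5.0.0 |
| Control For Plcnext Sl | Before 4.5.0.0 |
| Control For Raspberry Pi Sl | Before 4.5.0.0 |
| Control For Wago Touch Panels 600 Sl | Before 4.5.0.0 |
| Control Rte Sl | Before 3.5.18.0 |
| Control Rte Sl (for Beckhoff Cx) | Before 3.5.18.0 |
| Control Runtime System Toolkit | Before 3.5.18.0 |
| Control Win Sl | Before 3.5.18.0 |
| Development System | Before 3.5.18.0 |
| Embedded Target Visu Toolkit | Before 3.5.18.0 |
| Hmi Sl | Before 3.5.18.0 |
| Remote Target Visu Toolkit | Before 3.5.18.0 |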
Related CWEs
References (2)
Source: info@cert.vde.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory