CVE-2022-30792
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
11/07/2022
Last modified:
23/09/2022
Description
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* | 4.6.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:* | 4.6.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:* | 4.5.0.0 (excluding) | |
| cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:* | 3.5.18.20 (excluding) | |
| cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:* | 3.5.18.20 (excluding) | |
| cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:* | 3.5.18.20 (excluding) | |
| cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:* | 3.5.18.20 (excluding) | |
| cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:* | 3.5.18.20 (excluding) | |
| cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:* | 3.5.18.20 (excluding) |
To consult the complete list of CPE names with products and versions, see this page