CVE-2022-4224
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/03/2023
Last modified:
01/02/2024
Description
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 4.8.0.0 (excluding) |
| cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 3.5.19.0 (excluding) |
| cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:* | 3.0 (including) | 3.5.19.0 (excluding) |
| cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 3.5.19.0 (excluding) |
| cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:* | 3.0 (including) | 3.5.19.0 (excluding) |
| cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:* | 3.0 (including) | 3.5.19.0 (excluding) |
| cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:* | 3.0 (including) | 3.5.19.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page