CVE-2022-22518
A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy.
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
Un error en el componente CmpUserMgr puede conllevar a una aplicación parcial de las políticas de seguridad. Esto puede resultar en un acceso habilitado y anónimo a componentes que forman parte de la política de seguridad aplicada
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-03 CVE Reserved
- 2022-04-07 CVE Published
- 2023-10-29 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Codesys Search vendor "Codesys" | Control For Beaglebone Sl Search vendor "Codesys" for product "Control For Beaglebone Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Beaglebone Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Beckhoff Cx9020 Search vendor "Codesys" for product "Control For Beckhoff Cx9020" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Beckhoff Cx9020" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Empc-a\/imx6 Sl Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Iot2000 Sl Search vendor "Codesys" for product "Control For Iot2000 Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Iot2000 Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Linux Sl Search vendor "Codesys" for product "Control For Linux Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Linux Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Pfc100 Sl Search vendor "Codesys" for product "Control For Pfc100 Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Pfc100 Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Pfc200 Sl Search vendor "Codesys" for product "Control For Pfc200 Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Pfc200 Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Raspberry Pi Sl Search vendor "Codesys" for product "Control For Raspberry Pi Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Raspberry Pi Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Wago Touch Panels 600 Sl Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl" | >= 4.4.0.0 < 4.5.0.0 Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl" and version " >= 4.4.0.0 < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control Runtime System Toolkit Search vendor "Codesys" for product "Control Runtime System Toolkit" | >= 3.5.17.0 < 3.5.18.0 Search vendor "Codesys" for product "Control Runtime System Toolkit" and version " >= 3.5.17.0 < 3.5.18.0" | - |
Affected
| ||||||