CVE-2022-22519
Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
Un atacante remoto y no autenticado puede enviar una solicitud HTTP o HTTPS con un diseño específico que provoque una sobrelectura del búfer y provoque un bloqueo del servidor web del sistema de ejecución de CODESYS Control
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-03 CVE Reserved
- 2022-04-07 CVE Published
- 2023-10-29 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-126: Buffer Over-read
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Codesys Search vendor "Codesys" | Control For Beaglebone Sl Search vendor "Codesys" for product "Control For Beaglebone Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Beaglebone Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Beckhoff Cx9020 Search vendor "Codesys" for product "Control For Beckhoff Cx9020" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Beckhoff Cx9020" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Empc-a\/imx6 Sl Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Iot2000 Sl Search vendor "Codesys" for product "Control For Iot2000 Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Iot2000 Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Linux Sl Search vendor "Codesys" for product "Control For Linux Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Linux Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Pfc100 Sl Search vendor "Codesys" for product "Control For Pfc100 Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Pfc100 Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Pfc200 Sl Search vendor "Codesys" for product "Control For Pfc200 Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Pfc200 Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Plcnext Sl Search vendor "Codesys" for product "Control For Plcnext Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Plcnext Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Raspberry Pi Sl Search vendor "Codesys" for product "Control For Raspberry Pi Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Raspberry Pi Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control For Wago Touch Panels 600 Sl Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl" | < 4.5.0.0 Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl" and version " < 4.5.0.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control Rte Sl Search vendor "Codesys" for product "Control Rte Sl" | < 3.5.18.0 Search vendor "Codesys" for product "Control Rte Sl" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control Rte Sl \(for Beckhoff Cx\) Search vendor "Codesys" for product "Control Rte Sl \(for Beckhoff Cx\)" | < 3.5.18.0 Search vendor "Codesys" for product "Control Rte Sl \(for Beckhoff Cx\)" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control Runtime System Toolkit Search vendor "Codesys" for product "Control Runtime System Toolkit" | < 3.5.18.0 Search vendor "Codesys" for product "Control Runtime System Toolkit" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Control Win Sl Search vendor "Codesys" for product "Control Win Sl" | < 3.5.18.0 Search vendor "Codesys" for product "Control Win Sl" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Development System Search vendor "Codesys" for product "Development System" | < 3.5.18.0 Search vendor "Codesys" for product "Development System" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Embedded Target Visu Toolkit Search vendor "Codesys" for product "Embedded Target Visu Toolkit" | < 3.5.18.0 Search vendor "Codesys" for product "Embedded Target Visu Toolkit" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Hmi Sl Search vendor "Codesys" for product "Hmi Sl" | < 3.5.18.0 Search vendor "Codesys" for product "Hmi Sl" and version " < 3.5.18.0" | - |
Affected
| ||||||
| Codesys Search vendor "Codesys" | Remote Target Visu Toolkit Search vendor "Codesys" for product "Remote Target Visu Toolkit" | < 3.5.18.0 Search vendor "Codesys" for product "Remote Target Visu Toolkit" and version " < 3.5.18.0" | - |
Affected
| ||||||