// For flags

CVE-2022-47385

CODESYS: Multiple products prone to stack based out-of-bounds write

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

*Credits: Vladimir Tokarev, Microsoft
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-12-14 CVE Reserved
  • 2023-05-15 CVE Published
  • 2024-05-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Codesys
Search vendor "Codesys"
Control For Beaglebone Sl
Search vendor "Codesys" for product "Control For Beaglebone Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Beaglebone Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Empc-a\/imx6 Sl
Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Iot2000 Sl
Search vendor "Codesys" for product "Control For Iot2000 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Iot2000 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Linux Sl
Search vendor "Codesys" for product "Control For Linux Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Linux Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Pfc100 Sl
Search vendor "Codesys" for product "Control For Pfc100 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Pfc100 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Pfc200 Sl
Search vendor "Codesys" for product "Control For Pfc200 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Pfc200 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Plcnext Sl
Search vendor "Codesys" for product "Control For Plcnext Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Plcnext Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Raspberry Pi Sl
Search vendor "Codesys" for product "Control For Raspberry Pi Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Raspberry Pi Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Wago Touch Panels 600 Sl
Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Rte \(for Beckhoff Cx\) Sl
Search vendor "Codesys" for product "Control Rte \(for Beckhoff Cx\) Sl"
< 4.8.0.0
Search vendor "Codesys" for product "Control Rte \(for Beckhoff Cx\) Sl" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Rte \(sl\)
Search vendor "Codesys" for product "Control Rte \(sl\)"
< 4.8.0.0
Search vendor "Codesys" for product "Control Rte \(sl\)" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Runtime System Toolkit
Search vendor "Codesys" for product "Control Runtime System Toolkit"
< 4.8.0.0
Search vendor "Codesys" for product "Control Runtime System Toolkit" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Win \(sl\)
Search vendor "Codesys" for product "Control Win \(sl\)"
< 4.8.0.0
Search vendor "Codesys" for product "Control Win \(sl\)" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Development System V3
Search vendor "Codesys" for product "Development System V3"
< 4.8.0.0
Search vendor "Codesys" for product "Development System V3" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Hmi \(sl\)
Search vendor "Codesys" for product "Hmi \(sl\)"
< 4.8.0.0
Search vendor "Codesys" for product "Hmi \(sl\)" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Safety Sil2 Psp
Search vendor "Codesys" for product "Safety Sil2 Psp"
< 4.8.0.0
Search vendor "Codesys" for product "Safety Sil2 Psp" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Safety Sil2 Runtime Toolkit
Search vendor "Codesys" for product "Safety Sil2 Runtime Toolkit"
< 4.8.0.0
Search vendor "Codesys" for product "Safety Sil2 Runtime Toolkit" and version " < 4.8.0.0"
-
Affected