// For flags

CVE-2022-47393

CODESYS: Multiple products prone to improperly restricted memory operations

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.

*Credits: Vladimir Tokarev, Microsoft
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-12-14 CVE Reserved
  • 2023-05-15 CVE Published
  • 2024-05-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Codesys
Search vendor "Codesys"
Control For Beaglebone Sl
Search vendor "Codesys" for product "Control For Beaglebone Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Beaglebone Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Empc-a\/imx6 Sl
Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Empc-a\/imx6 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Iot2000 Sl
Search vendor "Codesys" for product "Control For Iot2000 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Iot2000 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Linux Sl
Search vendor "Codesys" for product "Control For Linux Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Linux Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Pfc100 Sl
Search vendor "Codesys" for product "Control For Pfc100 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Pfc100 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Pfc200 Sl
Search vendor "Codesys" for product "Control For Pfc200 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Pfc200 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Plcnext Sl
Search vendor "Codesys" for product "Control For Plcnext Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Plcnext Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Raspberry Pi Sl
Search vendor "Codesys" for product "Control For Raspberry Pi Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Raspberry Pi Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control For Wago Touch Panels 600 Sl
Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl"
< 3.5.19.0
Search vendor "Codesys" for product "Control For Wago Touch Panels 600 Sl" and version " < 3.5.19.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Rte \(for Beckhoff Cx\) Sl
Search vendor "Codesys" for product "Control Rte \(for Beckhoff Cx\) Sl"
< 4.8.0.0
Search vendor "Codesys" for product "Control Rte \(for Beckhoff Cx\) Sl" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Rte \(sl\)
Search vendor "Codesys" for product "Control Rte \(sl\)"
< 4.8.0.0
Search vendor "Codesys" for product "Control Rte \(sl\)" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Runtime System Toolkit
Search vendor "Codesys" for product "Control Runtime System Toolkit"
< 4.8.0.0
Search vendor "Codesys" for product "Control Runtime System Toolkit" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Control Win \(sl\)
Search vendor "Codesys" for product "Control Win \(sl\)"
< 4.8.0.0
Search vendor "Codesys" for product "Control Win \(sl\)" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Development System V3
Search vendor "Codesys" for product "Development System V3"
< 4.8.0.0
Search vendor "Codesys" for product "Development System V3" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Hmi \(sl\)
Search vendor "Codesys" for product "Hmi \(sl\)"
< 4.8.0.0
Search vendor "Codesys" for product "Hmi \(sl\)" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Safety Sil2 Psp
Search vendor "Codesys" for product "Safety Sil2 Psp"
< 4.8.0.0
Search vendor "Codesys" for product "Safety Sil2 Psp" and version " < 4.8.0.0"
-
Affected
Codesys
Search vendor "Codesys"
Safety Sil2 Runtime Toolkit
Search vendor "Codesys" for product "Safety Sil2 Runtime Toolkit"
< 4.8.0.0
Search vendor "Codesys" for product "Safety Sil2 Runtime Toolkit" and version " < 4.8.0.0"
-
Affected