CVE-2022-22518

Published Apr 7, 2022

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
Source: info@cert.vde.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

info@cert.vde.com: CWE-276
nvd@nist.gov: CWE-276

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6EFFE98-C633-4C31-9FDA-F88C4CE7A04B",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beckhoff_cx9020:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6492A42C-B284-4981-9DA0-6CCDA56987FD",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "471215BE-80E8-4191-BD3A-863E62FDD021",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C97B5A4-BCA2-4B0F-9A06-676F0AA0D55A",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E50B1160-AC34-435E-8761-92AD66CC20BF",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC0DF7A9-11CA-4622-8C9F-89AB063E26D2",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1320EE2C-DE77-4E23-A7C6-0579886C83B7",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D57C6EB7-AF27-4FEF-9202-4235D28CEA9B",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96A593C8-0EFE-46F1-B80C-F2FB909FC890",
            "versionEndExcluding": "4.5.0.0",
            "versionStartIncluding": "4.4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9D653AF-79DA-4975-973D-1054069A5D13",
            "versionEndExcluding": "3.5.18.0",
            "versionStartIncluding": "3.5.17.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References