CVE-2022-4224

Published Mar 23, 2023

Last updated 10 months ago

CVSS high 8.8

Overview

Description: In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

info@cert.vde.com: CWE-1188
nvd@nist.gov: CWE-1188

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40CAED29-E204-459D-8AFC-F814E68FAB9A",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5E9691E-E67A-4D59-9152-3731DD381CF4",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5FC8BEB-DB37-4486-BAFD-16B82F331F9C",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2821B72-748A-4B3E-BD8B-E55C92A1A166",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "680C2604-3774-43D2-9DDE-38A0F593BFF3",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4B2CB47-68F3-4C17-8D61-88F655CF19ED",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E3514C8-F513-4576-8F6D-DDB193E3B947",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5059640A-05F0-4D59-9682-BC09F155527C",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7D13CFF-F753-430B-9E03-F3F24066B529",
            "versionEndExcluding": "4.8.0.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C27B4D20-FDE3-4003-97BD-F43EE147AD6A",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63A8AFF5-3CC8-43FA-A9D3-A6A53FAF15FC",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1A44FED-CFBB-454A-B8E8-FC11A996488F",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8297903A-80E1-4FA7-B552-672B94B6B6B4",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57C60464-F6BB-431A-AD96-32B07FD99948",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0032B82B-21B9-4006-A7E4-CD5B92962136",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:safety_sil2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7181873-775F-43A6-BDBB-DBB2879C7D4D",
            "versionEndExcluding": "3.5.19.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References