CVE-2022-47378

Published May 15, 2023

Last updated a year ago

CVSS medium 6.5

Overview

Description: Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
Source: info@cert.vde.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-20
info@cert.vde.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "523FC1D5-2A13-4B4D-9EE6-7895A955F631",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E4DDA5F-C7CD-4ADE-AE44-B2F2C2F6B61C",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "968E3873-9D42-4516-B884-56D49BB8BE8E",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FD4E051-A23A-4214-A599-5EDFD40B4843",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27B2E352-6ACE-4F3D-B462-4DE1197DAF04",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F20DC27-C98B-49CF-9C39-9FB483438FD4",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80A1AAE3-1A29-4B1E-8C50-0EA87D158371",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C58C0EB-17CF-4ACA-B691-BBB558A77B4F",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00007AE1-3679-4D05-96E2-F0F45E73B2B1",
            "versionEndExcluding": "3.5.19.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44E6A757-BB46-467E-B0DD-916672995584",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C74B30D2-2653-4D2A-BEEC-0AB1843097AB",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9CF7388-0541-4CEA-B83B-127466DA6635",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D2297BF-E19B-4FA6-841F-0D5915D345CC",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBAA2041-8C65-4CC5-AC77-45DE2DEA458F",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2F76A22-9A91-4683-8F85-322E2AA00E28",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B37C6669-08B9-4588-B871-3203E8ABFCE9",
            "versionEndExcluding": "4.8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4E932B1-1475-40A0-AF58-D4F643A6A850",
            "versionEndExcluding": "4.8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References