CVE-2022-22515
A component of the CODESYS Control runtime system allows read and write access to configuration files
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
07 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
CODESYS · CODESYS Control for BeagleBone SLCODESYS · CODESYS Control for Beckhoff CX9020 SLCODESYS · CODESYS Control for emPC-A/iMX6 SLCODESYS · CODESYS Control for IOT2000 SLCODESYS · CODESYS Control for Linux SLCODESYS · CODESYS Control for PFC100 SLCODESYS · CODESYS Control for PFC200 SLCODESYS · CODESYS Control for PLCnext SLCODESYS · CODESYS Control for Raspberry Pi SLCODESYS · CODESYS Control for WAGO Touch Panels 600 SLCODESYS · CODESYS Control RTE (for Beckhoff CX) SLCODESYS · CODESYS Control RTE (SL)CODESYS · CODESYS Control Runtime System ToolkitCODESYS · CODESYS Control Win (SL)CODESYS · CODESYS Development System V3CODESYS · CODESYS Embedded Target Visu ToolkitCODESYS · CODESYS HMI (SL)CODESYS · CODESYS Remote Target Visu ToolkitWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →