CVE-2022-32137
CODESYS Runtime System prone to heap based buffer overflow
In short
A vulnerability in CODESYS Runtime System allows a remote attacker to send a specially crafted request that overflows a memory buffer, potentially crashing the system or corrupting data without needing user interaction.
Technical detail
A heap-based buffer overflow exists in CODESYS products where an unauthenticated remote attacker can craft a malicious request to trigger the overflow, leading to denial-of-service or arbitrary memory corruption. The attack requires no user interaction and can be exploited by a low-privileged network participant.
Summary generated and translated by AI from the official description.
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →