CVE-2022-32142

CODESYS runtime system prone to denial of service due to use of out of range pointer

CVSS 8.1 HIGH | EPSS 1.0% | CWE-823
In short

CODESYS runtime systems can be crashed or have their memory corrupted by a remote attacker sending specially crafted requests with invalid offsets. This happens because the software doesn't properly validate memory access boundaries, allowing attackers to read or write data outside intended memory areas.

Technical detail

Out-of-bounds read/write vulnerability in the CODESYS runtime, triggered by a remote attacker crafting requests with invalid memory offsets. Per the official description and CVSS vector (PR:L, UI:N), it is exploitable by a low-privileged attacker without user interaction. Exploitation results in denial of service via memory corruption, or in potential local file modification through uncontrolled memory write access.

Summary generated and translated by AI from the official description.
Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
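
The description above attributes the issue to a request carrying an invalid offset. The following C code is an added illustration of that bug class (CWE-823) and of a bounds check that rejects such requests, including the case where offset plus length wraps around. It is not CODESYS code; the request layout, `AREA_SIZE` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AREA_SIZE 64u   /* hypothetical size of the addressable data area */

/* Hypothetical request layout: offset and length come from the network. */
struct write_req {
    uint32_t offset;          /* start position inside the data area */
    uint32_t length;          /* number of payload bytes to copy     */
    const uint8_t *payload;
};

static uint8_t data_area[AREA_SIZE];

/* Returns 1 when [offset, offset+length) lies fully inside a region of
 * `size` bytes. Two comparisons are used so that offset + length is
 * never computed and therefore cannot wrap around. */
int range_ok(uint32_t offset, uint32_t length, uint32_t size)
{
    return offset <= size && length <= size - offset;
}

/* Weak check for comparison: the 32-bit sum wraps for large offsets
 * (0xFFFFFFF0 + 0x20 == 0x10), so an out-of-range request passes.
 * Returns 1 if the request WOULD be accepted; it never touches memory. */
int weak_accepts(const struct write_req *r)
{
    return (uint32_t)(r->offset + r->length) <= AREA_SIZE;
}

/* Hardened handler: validates the range before any memory access.
 * Returns 0 on success, -1 when the request is rejected. */
int handle_write(const struct write_req *r)
{
    if (r->payload == NULL || !range_ok(r->offset, r->length, AREA_SIZE))
        return -1;
    memcpy(data_area + r->offset, r->payload, r->length);
    return 0;
}

/* Read-back helper so callers can verify what was stored. */
uint8_t area_byte(uint32_t i) { return i < AREA_SIZE ? data_area[i] : 0; }
```

A rejected request is a useful detection signal: logging the offending offset and length at the point where `handle_write` returns -1 gives defenders visibility into probing attempts.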
