CVE-2022-47382
CODESYS: Multiple products prone to stack based out-of-bounds write
In short
A flaw in CODESYS software lets an authenticated attacker write data beyond stack memory boundaries, potentially crashing the program, corrupting data, or executing malicious code.
Technical detail
Stack-based buffer overflow in CmpTraceMgr component requires prior authentication; attacker can overwrite stack memory to achieve DoS, memory corruption, or arbitrary code execution depending on stack layout and protections.
Summary generated and translated by AI from the official description.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
CODESYS · CODESYS Control for BeagleBone SLCODESYS · CODESYS Control for emPC-A/iMX6 SLCODESYS · CODESYS Control for IOT2000 SLCODESYS · CODESYS Control for Linux SLCODESYS · CODESYS Control for PFC100 SLCODESYS · CODESYS Control for PFC200 SLCODESYS · CODESYS Control for PLCnext SLCODESYS · CODESYS Control for Raspberry Pi SLCODESYS · CODESYS Control for WAGO Touch Panels 600 SLCODESYS · CODESYS Control RTE (for Beckhoff CX) SLCODESYS · CODESYS Control RTE (SL)CODESYS · CODESYS Control Runtime System ToolkitCODESYS · CODESYS Control Win (SL)CODESYS · CODESYS Development System V3CODESYS · CODESYS HMI (SL)CODESYS · CODESYS Safety SIL2 PSPCODESYS · CODESYS Safety SIL2 Runtime ToolkitWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →