CVE-2022-47391
CODESYS: Multiple products prone to Improper Input Validation
In short
CODESYS products don't properly check incoming data, allowing attackers to make the software crash by reading from invalid memory locations. This can take the system offline.
Technical detail
The vulnerability stems from improper input validation (CWE-20) in multiple CODESYS product versions, enabling unauthenticated remote attackers to trigger denial of service by forcing the application to read from invalid memory addresses. The attack requires network access to affected products with no prior authentication.
Summary generated and translated by AI from the official description.
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
CODESYS · CODESYS Control for BeagleBone SL
CODESYS · CODESYS Control for emPC-A/iMX6 SL
CODESYS · CODESYS Control for IOT2000 SL
CODESYS · CODESYS Control for Linux SL
CODESYS · CODESYS Control for PFC100 SL
CODESYS · CODESYS Control for PFC200 SL
CODESYS · CODESYS Control for PLCnext SL
CODESYS · CODESYS Control for Raspberry Pi SL
CODESYS · CODESYS Control for WAGO Touch Panels 600 SL
CODESYS · CODESYS Control RTE (for Beckhoff CX) SL
CODESYS · CODESYS Control RTE (SL)
CODESYS · CODESYS Control Runtime System Toolkit
CODESYS · CODESYS Control Win (SL)
CODESYS · CODESYS Development System V3
CODESYS · CODESYS Edge Gateway for Linux
CODESYS · CODESYS Edge Gateway for Windows
CODESYS · CODESYS Gateway
CODESYS · CODESYS HMI (SL)
CODESYS · CODESYS Safety SIL2 PSP
CODESYS · CODESYS Safety SIL2 Runtime Toolkit