#VU85959 Input validation error in CODESYS products - CVE-2022-47392
Published: January 31, 2024
Vulnerability identifier: #VU85959
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-47392
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CODESYS Control RTE
CODESYS Control RTE (for Beckhoff CX)
CODESYS Control Win
CODESYS Control Runtime System Toolkit
CODESYS Safety SIL2 Runtime Toolkit
CODESYS Safety SIL2 PSP
CODESYS HMI
CODESYS Development System V3
CODESYS Control for BeagleBone SL
CODESYS Control for emPC-A/iMX6 SL
CODESYS Control for IOT2000 SL
CODESYS Control for Linux SL
CODESYS Control for PFC100 SL
CODESYS Control for PFC200 SL
CODESYS Control for PLCnext SL
CODESYS Control for Raspberry Pi SL
CODESYS Control for WAGO Touch Panels 600 SL
CODESYS Control RTE
CODESYS Control RTE (for Beckhoff CX)
CODESYS Control Win
CODESYS Control Runtime System Toolkit
CODESYS Safety SIL2 Runtime Toolkit
CODESYS Safety SIL2 PSP
CODESYS HMI
CODESYS Development System V3
CODESYS Control for BeagleBone SL
CODESYS Control for emPC-A/iMX6 SL
CODESYS Control for IOT2000 SL
CODESYS Control for Linux SL
CODESYS Control for PFC100 SL
CODESYS Control for PFC200 SL
CODESYS Control for PLCnext SL
CODESYS Control for Raspberry Pi SL
CODESYS Control for WAGO Touch Panels 600 SL
Software vendor:
CODESYS
CODESYS
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp/CmpAppBP/CmpAppForce components. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.