CODESYS: Improper memory restrictions fro CODESYS Control
CVE-2022-4046

8.8HIGH

Key Information:

Vendor: Codesys
Status: Codesys Control For Beaglebone Sl; Codesys Control For Empc-a/imx6 Sl; Codesys Control For Iot2000 Sl; Codesys Control For Linux Sl
Vendor: CVE Published:; 3 August 2023

What is CVE-2022-4046?

In CODESYS Control, improper restriction of operations within the memory buffer bounds has been identified. This vulnerability enables an attacker with user privileges to exploit the system, potentially gaining full access to the affected device. Prompt rectification and safeguarding measures are essential to mitigate risks against such remote threats.

Affected Version(s)

CODESYS Control for BeagleBone SL all

CODESYS Control for emPC-A/iMX6 SL all

CODESYS Control for IOT2000 SL all

References

https://cert.vde.com/en/advisories/VDE-2023-025/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Nov 17, 2022

Codesys

What is CVE-2022-4046?

Affected Version(s)

References

CVSS V3.1

Timeline