CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
CVE-2022-4224

8.8HIGH

Key Information:

Vendor: Codesys
Status: Control Rte (sl); Control Rte (for Beckhoff Cx) Sl; Control Win (sl); Runtime Toolkit
Vendor: CVE Published:; 23 March 2023

What is CVE-2022-4224?

In CODESYS v3, a vulnerability allows a remote low privileged user to exploit the system, enabling them to read and modify critical system files and OS resources. This flaw could also lead to potential denial-of-service attacks on the device, posing severe risks to system integrity and availability.

Affected Version(s)

Control for BeagleBone SL 3.0.0.0 < 4.8.0.0

Control for PFC100 SL 3.0.0.0 < 4.8.0.0

Control for PFC200 SL 3.0.0.0 < 4.8.0.0

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2023
Vulnerability Reserved
Nov 30, 2022

Credit

Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity

Reid Wightman of Dragos

Codesys

What is CVE-2022-4224?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit