CVE-2022-22514

HIGH

CmpTraceMgr - Memory Corruption

Title source: llm

Description

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

References (1)

[Vendor Advisory] https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=

Scores

CVSS v3 7.1

EPSS 0.0038

EPSS Percentile 59.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE

CWE-119 CWE-822

Status published

Products (21)

codesys/control_for_beaglebone_sl < 4.5.0.0

codesys/control_for_beckhoff_cx9020 < 4.5.0.0

codesys/control_for_empc-a\/imx6_sl < 4.5.0.0

codesys/control_for_iot2000_sl < 4.5.0.0

codesys/control_for_linux_sl < 4.5.0.0

codesys/control_for_pfc100_sl < 4.5.0.0

codesys/control_for_pfc200_sl < 4.5.0.0

codesys/control_for_plcnext_sl < 4.5.0.0

codesys/control_for_raspberry_pi_sl < 4.5.0.0

codesys/control_for_wago_touch_panels_600_sl < 4.5.0.0

... and 11 more

Published Apr 07, 2022

Tracked Since Feb 18, 2026