CVE-2022-22515

HIGH

CODESYS Control Runtime System < 4.5.0.0 - Authenticated Configuration File Read and Write

Title source: llm

Description

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download=

Scores

CVSS v3 8.1

EPSS 0.0103

EPSS Percentile 59.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-668

Status published

Products (18)

codesys/control_for_beaglebone_sl < 4.5.0.0

codesys/control_for_beckhoff_cx9020 < 4.5.0.0

codesys/control_for_empc-a\/imx6_sl < 4.5.0.0

codesys/control_for_iot2000_sl < 4.5.0.0

codesys/control_for_linux_sl < 4.5.0.0

codesys/control_for_pfc100_sl < 4.5.0.0

codesys/control_for_pfc200_sl < 4.5.0.0

codesys/control_for_plcnext_sl < 4.5.0.0

codesys/control_for_raspberry_pi_sl < 4.5.0.0

codesys/control_for_wago_touch_panels_600_sl < 4.5.0.0

... and 8 more

Published Apr 07, 2022

Tracked Since Feb 18, 2026