CVE-2022-22515

HIGH

CODESYS Control - Code Injection

Title source: llm

Description

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

References (1)

[Vendor Advisory] https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download=

Scores

CVSS v3 8.1

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-668

Status published

Affected Products (18)

codesys/control_for_beaglebone_sl < 4.5.0.0

codesys/control_for_beckhoff_cx9020 < 4.5.0.0

codesys/control_for_empc-a\/imx6_sl < 4.5.0.0

codesys/control_for_iot2000_sl < 4.5.0.0

codesys/control_for_linux_sl < 4.5.0.0

codesys/control_for_pfc100_sl < 4.5.0.0

codesys/control_for_pfc200_sl < 4.5.0.0

codesys/control_for_plcnext_sl < 4.5.0.0

codesys/control_for_raspberry_pi_sl < 4.5.0.0

codesys/control_for_wago_touch_panels_600_sl < 4.5.0.0

codesys/control_rte_sl < 3.5.18.0

codesys/control_rte_sl_\(for_beckhoff_cx\) < 3.5.18.0

codesys/control_runtime_system_toolkit < 3.5.18.0

codesys/control_win_sl < 3.5.18.0

codesys/development_system < 3.5.18.0

... and 3 more

Timeline

Published Apr 07, 2022

Tracked Since Feb 18, 2026