CVE-2022-30791

HIGH

CODESYS V3 - Unauthenticated Denial of Service via TCP Connection Exhaustion

Title source: llm

Description

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Scores

CVSS v3 7.5

EPSS 0.0076

EPSS Percentile 50.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (20)

codesys/control_for_beaglebone < 4.5.0.0

codesys/control_for_empc-a\/imx6 < 4.5.0.0

codesys/control_for_iot2000_sl < 4.6.0.0

codesys/control_for_linux_sl < 4.5.0.0

codesys/control_for_pfc100_sl < 4.5.0.0

codesys/control_for_pfc200_sl < 4.5.0.0

codesys/control_for_plcnext < 4.6.0.0

codesys/control_for_raspberry_pi_sl < 4.5.0.0

codesys/control_for_wago_touch_panels_600 < 4.5.0.0

codesys/control_rte_sl < 3.5.18.20

... and 10 more

Published Jul 11, 2022

Tracked Since Feb 18, 2026