CVE-2022-30792

HIGH

CODESYS V3 Control Runtime - Unauthenticated Denial of Service via CmpChannelServer Connection Exhaustion

Title source: llm

Description

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Scores

CVSS v3 7.5

EPSS 0.0076

EPSS Percentile 50.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (20)

codesys/control_for_beaglebone < 4.5.0.0

codesys/control_for_empc-a\/imx6 < 4.5.0.0

codesys/control_for_iot2000_sl < 4.6.0.0

codesys/control_for_linux_sl < 4.5.0.0

codesys/control_for_pfc100_sl < 4.5.0.0

codesys/control_for_pfc200_sl < 4.5.0.0

codesys/control_for_plcnext < 4.6.0.0

codesys/control_for_raspberry_pi_sl < 4.5.0.0

codesys/control_for_wago_touch_panels_600 < 4.5.0.0

codesys/control_rte_sl < 3.5.18.20

... and 10 more

Published Jul 11, 2022

Tracked Since Feb 18, 2026