CVE-2022-4048

HIGH

CODESYS Dev Sys <V3.5.18.40 - Info Disclosure

Title source: llm

Description

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

References (1)

[Vendor Advisory] https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17350&token=2cee62285d3ec76d6a78dfa9b9e81e66f6136a2a&download=

Scores

CVSS v3 7.7

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-326

Status published

Products (1)

codesys/development_system_v3 < 3.5.18.40

Published May 15, 2023

Tracked Since Feb 18, 2026