CVE-2022-4224

HIGH

CODESYS Control for Beaglebone SL 3.0-4.8.0.0 - Unauthenticated Arbitrary File Read/Write and Denial of Service

Title source: llm

Description

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

References (1)

Core 1

Core References

Vendor Advisory

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17553&token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d&download=

Scores

CVSS v3 8.8

EPSS 0.0088

EPSS Percentile 54.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1188

Status published

Products (33)

CODESYS/Control for BeagleBone SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for emPC-A/iMX6 SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for IOT2000 SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for Linux SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for PFC100 SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for PFC200 SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for PLCnext SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for Raspberry Pi SL 3.0.0.0 - 4.8.0.0

CODESYS/Control for WAGO Touch Panels 600 SL 3.0.0.0 - 4.8.0.0

CODESYS/Control RTE (for Beckhoff CX) SL 3.0.0.0 - 3.5.19.0

... and 23 more

Published Mar 23, 2023

Tracked Since Feb 18, 2026