CVE-2022-22514

EUVD-2022-27660
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CERTVDECNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
codesyscontrol_for_beaglebone_sl
𝑥
< 4.5.0.0
codesyscontrol_for_beckhoff_cx9020
𝑥
< 4.5.0.0
codesyscontrol_for_empc-a\/imx6_sl
𝑥
< 4.5.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.5.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.5.0.0
codesyscontrol_for_plcnext_sl
𝑥
< 4.5.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.5.0.0
codesyscontrol_for_wago_touch_panels_600_sl
𝑥
< 4.5.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.18.0
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.18.0
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.18.0
codesyscontrol_win_sl
𝑥
< 3.5.18.0
codesysdevelopment_system
3.0 ≤
𝑥
< 3.5.18.0
codesysedge_gateway
𝑥
< 3.5.18.0
codesysedge_gateway
𝑥
< 4.5.0.0
codesysembedded_target_visu_toolkit
𝑥
< 3.5.18.0
codesysgateway
𝑥
< 3.5.18.0
codesyshmi_sl
𝑥
< 3.5.18.0
codesysremote_target_visu_toolkit
𝑥
< 3.5.18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=