CVE-2022-22514

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CERTVDECNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
𝑥
< 4.5.0.0
codesyscontrol_for_beckhoff_cx9020
𝑥
< 4.5.0.0
codesyscontrol_for_empc-a\/imx6_sl
𝑥
< 4.5.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.5.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.5.0.0
codesyscontrol_for_plcnext_sl
𝑥
< 4.5.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.5.0.0
codesyscontrol_for_wago_touch_panels_600_sl
𝑥
< 4.5.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.18.0
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.18.0
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.18.0
codesyscontrol_win_sl
𝑥
< 3.5.18.0
codesysdevelopment_system
3.0 ≤
𝑥
< 3.5.18.0
codesysedge_gateway
𝑥
< 3.5.18.0
codesysedge_gateway
𝑥
< 4.5.0.0
codesysembedded_target_visu_toolkit
𝑥
< 3.5.18.0
codesysgateway
𝑥
< 3.5.18.0
codesyshmi_sl
𝑥
< 3.5.18.0
codesysremote_target_visu_toolkit
𝑥
< 3.5.18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=