CVE-2022-22515

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CERTVDECNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
𝑥
< 4.5.0.0
codesyscontrol_for_beckhoff_cx9020
𝑥
< 4.5.0.0
codesyscontrol_for_empc-a\/imx6_sl
𝑥
< 4.5.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.5.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.5.0.0
codesyscontrol_for_plcnext_sl
𝑥
< 4.5.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.5.0.0
codesyscontrol_for_wago_touch_panels_600_sl
𝑥
< 4.5.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.18.0
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.18.0
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.18.0
codesyscontrol_win_sl
𝑥
< 3.5.18.0
codesysdevelopment_system
3.0 ≤
𝑥
< 3.5.18.0
codesysembedded_target_visu_toolkit
𝑥
< 3.5.18.0
codesyshmi_sl
𝑥
< 3.5.18.0
codesysremote_target_visu_toolkit
𝑥
< 3.5.18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17089&token=cc5041e24fc744a397a6f6e3b78200a40e6fcd53&download=