CVE-2022-30791

EUVD-2022-52614
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CERTVDECNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
codesyscontrol_for_beaglebone
𝑥
< 4.5.0.0
codesyscontrol_for_empc-a\/imx6
𝑥
< 4.5.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.6.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.5.0.0
codesyscontrol_for_plcnext
𝑥
< 4.6.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.5.0.0
codesyscontrol_for_wago_touch_panels_600
𝑥
< 4.5.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.18.20
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.18.20
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.18.20
codesyscontrol_win
𝑥
< 3.5.18.20
codesysdevelopment_system
𝑥
< 3.5.18.20
codesysedge_gateway
𝑥
< 3.5.18.20
codesysedge_gateway
𝑥
< 4.5.0.0
codesysembedded_target_visu_toolkit
𝑥
< 3.5.18.20
codesysgateway
𝑥
< 3.5.18.20
codesyshmi
𝑥
< 3.5.18.20
codesysremote_target_visu_toolkit
𝑥
< 3.5.18.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=