CVE-2022-30792

EUVD-2022-52615
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CERTVDECNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
codesyscontrol_for_beaglebone
𝑥
< 4.5.0.0
codesyscontrol_for_empc-a\/imx6
𝑥
< 4.5.0.0
codesyscontrol_for_iot2000_sl
𝑥
< 4.6.0.0
codesyscontrol_for_linux_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc100_sl
𝑥
< 4.5.0.0
codesyscontrol_for_pfc200_sl
𝑥
< 4.5.0.0
codesyscontrol_for_plcnext
𝑥
< 4.6.0.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 4.5.0.0
codesyscontrol_for_wago_touch_panels_600
𝑥
< 4.5.0.0
codesyscontrol_rte_sl
𝑥
< 3.5.18.20
codesyscontrol_rte_sl_\(for_beckhoff_cx\)
𝑥
< 3.5.18.20
codesyscontrol_runtime_system_toolkit
𝑥
< 3.5.18.20
codesyscontrol_win
𝑥
< 3.5.18.20
codesysdevelopment_system
𝑥
< 3.5.18.20
codesysedge_gateway
𝑥
< 3.5.18.20
codesysedge_gateway
𝑥
< 4.5.0.0
codesysembedded_target_visu_toolkit
𝑥
< 3.5.18.20
codesysgateway
𝑥
< 3.5.18.20
codesyshmi
𝑥
< 3.5.18.20
codesysremote_target_visu_toolkit
𝑥
< 3.5.18.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=