CVE-2022-47378 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CERTVDE	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
codesys	control_for_beaglebone_sl	𝑥 < 3.5.19.0
codesys	control_for_empc-a\/imx6_sl	𝑥 < 3.5.19.0
codesys	control_for_iot2000_sl	𝑥 < 3.5.19.0
codesys	control_for_linux_sl	𝑥 < 3.5.19.0
codesys	control_for_pfc100_sl	𝑥 < 3.5.19.0
codesys	control_for_pfc200_sl	𝑥 < 3.5.19.0
codesys	control_for_plcnext_sl	𝑥 < 3.5.19.0
codesys	control_for_raspberry_pi_sl	𝑥 < 3.5.19.0
codesys	control_for_wago_touch_panels_600_sl	𝑥 < 3.5.19.0
codesys	control_rte_\(for_beckhoff_cx\)_sl	𝑥 < 4.8.0.0
codesys	control_rte_\(sl\)	𝑥 < 4.8.0.0
codesys	control_runtime_system_toolkit	𝑥 < 4.8.0.0
codesys	control_win_\(sl\)	𝑥 < 4.8.0.0
codesys	development_system_v3	𝑥 < 4.8.0.0
codesys	hmi_\(sl\)	𝑥 < 4.8.0.0
codesys	safety_sil2_psp	𝑥 < 4.8.0.0
codesys	safety_sil2_runtime_toolkit	𝑥 < 4.8.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=