CVE-2022-47384

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can leadto a denial-of-service condition, memory overwriting, or remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CERTVDECNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
codesyscontrol_for_beaglebone_sl
𝑥
< 3.5.19.0
codesyscontrol_for_empc-a\/imx6_sl
𝑥
< 3.5.19.0
codesyscontrol_for_iot2000_sl
𝑥
< 3.5.19.0
codesyscontrol_for_linux_sl
𝑥
< 3.5.19.0
codesyscontrol_for_pfc100_sl
𝑥
< 3.5.19.0
codesyscontrol_for_pfc200_sl
𝑥
< 3.5.19.0
codesyscontrol_for_plcnext_sl
𝑥
< 3.5.19.0
codesyscontrol_for_raspberry_pi_sl
𝑥
< 3.5.19.0
codesyscontrol_for_wago_touch_panels_600_sl
𝑥
< 3.5.19.0
codesyscontrol_rte_\(for_beckhoff_cx\)_sl
𝑥
< 4.8.0.0
codesyscontrol_rte_\(sl\)
𝑥
< 4.8.0.0
codesyscontrol_runtime_system_toolkit
𝑥
< 4.8.0.0
codesyscontrol_win_\(sl\)
𝑥
< 4.8.0.0
codesysdevelopment_system_v3
𝑥
< 4.8.0.0
codesyshmi_\(sl\)
𝑥
< 4.8.0.0
codesyssafety_sil2_psp
𝑥
< 4.8.0.0
codesyssafety_sil2_runtime_toolkit
𝑥
< 4.8.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=