CVE-2022-47385 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CERTVDE	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Vendor	Product	Version
codesys	control_for_beaglebone_sl	𝑥 < 3.5.19.0
codesys	control_for_empc-a\/imx6_sl	𝑥 < 3.5.19.0
codesys	control_for_iot2000_sl	𝑥 < 3.5.19.0
codesys	control_for_linux_sl	𝑥 < 3.5.19.0
codesys	control_for_pfc100_sl	𝑥 < 3.5.19.0
codesys	control_for_pfc200_sl	𝑥 < 3.5.19.0
codesys	control_for_plcnext_sl	𝑥 < 3.5.19.0
codesys	control_for_raspberry_pi_sl	𝑥 < 3.5.19.0
codesys	control_for_wago_touch_panels_600_sl	𝑥 < 3.5.19.0
codesys	control_rte_\(for_beckhoff_cx\)_sl	𝑥 < 4.8.0.0
codesys	control_rte_\(sl\)	𝑥 < 4.8.0.0
codesys	control_runtime_system_toolkit	𝑥 < 4.8.0.0
codesys	control_win_\(sl\)	𝑥 < 4.8.0.0
codesys	development_system_v3	𝑥 < 4.8.0.0
codesys	hmi_\(sl\)	𝑥 < 4.8.0.0
codesys	safety_sil2_psp	𝑥 < 4.8.0.0
codesys	safety_sil2_runtime_toolkit	𝑥 < 4.8.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=