OpenCVE

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Codesys	Control For Beaglebone Sl Control For Empc-a\/imx6 Sl Control For Iot2000 Sl Control For Linux Sl Control For Pfc100 Sl Control For Pfc200 Sl Control For Plcnext Sl Control For Raspberry Pi Sl Control For Wago Touch Panels 600 Sl Control Rte Sl Control Rte Sl \(for Beckhoff Cx\) Control Runtime System Toolkit Control Win Sl Hmi Sl

Configuration 1 [-]

OR	cpe:2.3:a:codesys:control_for_beaglebone_sl::::::::
	cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl::::::::
	cpe:2.3:a:codesys:control_for_iot2000_sl::::::::
	cpe:2.3:a:codesys:control_for_linux_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc100_sl::::::::
	cpe:2.3:a:codesys:control_for_pfc200_sl::::::::
	cpe:2.3:a:codesys:control_for_plcnext_sl::::::::
	cpe:2.3:a:codesys:control_for_raspberry_pi_sl::::::::
	cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl::::::::
	cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\)::::::::
	cpe:2.3:a:codesys:control_runtime_system_toolkit::::::::
	cpe:2.3:a:codesys:control_win_sl::::::::
	cpe:2.3:a:codesys:hmi_sl::::::::

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2023-025/

History

Tue, 22 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-08-03T12:39:44.002Z

Updated: 2024-10-22T19:44:02.247Z

Reserved: 2022-11-17T07:07:09.714Z

Link: CVE-2022-4046

Vulnrichment

Updated: 2024-08-03T01:27:54.486Z

NVD

Status : Analyzed

Published: 2023-08-03T13:15:09.627

Modified: 2023-08-08T15:54:22.383

Link: CVE-2022-4046

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4046", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-11-17T07:07:09.714Z", "datePublished": "2023-08-03T12:39:44.002Z", "dateUpdated": "2024-10-22T19:44:02.247Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "affected", "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [{"status": "affected", "version": "all"}]}], "datePublic": "2023-08-03T10:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."}], "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-08-03T12:39:44.002Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-025/"}], "source": {"defect": ["CERT@VDE#64299"], "discovery": "EXTERNAL"}, "title": "CODESYS: Improper memory restrictions fro CODESYS Control", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.486Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-025/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T19:43:34.142141Z", "id": "CVE-2022-4046", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T19:44:02.247Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-025/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:27:54.486Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-22T19:43:34.142141Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T19:43:49.571Z"}}], "cna": {"title": "CODESYS: Improper memory restrictions fro CODESYS Control", "source": {"defect": ["CERT@VDE#64299"], "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CODESYS", "product": "CODESYS Control for BeagleBone SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for emPC-A/iMX6 SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for IOT2000 SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for Linux SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for PFC100 SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for PFC200 SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for PLCnext SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for Raspberry Pi SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control for WAGO Touch Panels 600 SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control RTE (for Beckhoff CX) SL", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control RTE (SL)", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control Runtime System Toolkit", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS Control Win (SL)", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}, {"vendor": "CODESYS", "product": "CODESYS HMI (SL)", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "affected"}], "datePublic": "2023-08-03T10:30:00.000Z", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-025/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.", "supportingMedia": [{"type": "text/html", "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-08-03T12:39:44.002Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4046", "state": "PUBLISHED", "dateUpdated": "2024-10-22T19:44:02.247Z", "dateReserved": "2022-11-17T07:07:09.714Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-08-03T12:39:44.002Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "2390BDA5-FC7C-43F2-A6D0-098DE49E8092", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DC0FD5-57BB-41CD-9FFD-36FEC5573BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE2276F0-8EF2-4CEA-9A75-010D31F8D76C", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB41ACE5-0064-4BBC-AEF7-2A89D21EEA83", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D23780DF-5CF3-4D88-83A4-D5D0E6BF7274", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CAF552D-E704-4979-9335-6290F11D6EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A0FF97-A6E5-4339-B68A-E1F76A24D50E", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC1C54A7-686C-433C-91B0-B84720ABFC81", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1B0A7F9-9F70-4217-AF38-14E9F9F7CDDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2102923-8711-4D2C-BF3E-870AC1D8F2AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "98918E65-854F-4719-8419-79578C5F9EAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "07750392-D8FF-413D-82F9-55B9F2F12B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE76A4D8-070C-45D7-AF3B-12FFD6BD73E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "23B980AB-A690-43C0-A117-929C4AD7A2DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device."}], "id": "CVE-2022-4046", "lastModified": "2023-08-08T15:54:22.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2023-08-03T13:15:09.627", "references": [{"source": "info@cert.vde.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-025/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "info@cert.vde.com", "type": "Primary"}]}