CVE-2022-22514 — HIGH (7.1)

Q: How severe is CVE-2022-22514?

CVE-2022-22514 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22514?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Beckhoff Cx9020, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl.

Vulnerability Description

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Codesys	Control For Beaglebone Sl	< 4.5.0.0
Codesys	Control For Beckhoff Cx9020	< 4.5.0.0
Codesys	Control For Empc-A\/Imx6 Sl	< 4.5.0.0
Codesys	Control For Iot2000 Sl	< 4.5.0.0
Codesys	Control For Linux Sl	< 4.5.0.0
Codesys	Control For Pfc100 Sl	< 4.5.0.0
Codesys	Control For Pfc200 Sl	< 4.5.0.0
Codesys	Control For Plcnext Sl	< 4.5.0.0
Codesys	Control For Raspberry Pi Sl	< 4.5.0.0
Codesys	Control For Wago Touch Panels 600 Sl	< 4.5.0.0
Codesys	Control Rte Sl	< 3.5.18.0
Codesys	Control Rte Sl \(For Beckhoff Cx\)	< 3.5.18.0
Codesys	Control Runtime System Toolkit	< 3.5.18.0
Codesys	Control Win Sl	< 3.5.18.0
Codesys	Development System	>= 3.0, < 3.5.18.0
Codesys	Edge Gateway	< 3.5.18.0
Codesys	Embedded Target Visu Toolkit	< 3.5.18.0
Codesys	Gateway	< 3.5.18.0
Codesys	Hmi Sl	< 3.5.18.0
Codesys	Remote Target Visu Toolkit	< 3.5.18.0

Related Weaknesses (CWE)

CWE-119 CWE-822

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd84248Vendor Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd84248Vendor Advisory

FAQ

What is CVE-2022-22514?

CVE-2022-22514 is a vulnerability with a CVSS score of 7.1 (HIGH). An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the at...

How severe is CVE-2022-22514?

CVE-2022-22514 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22514?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Beckhoff Cx9020, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl.