Vulnerability Description
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Beckhoff Cx9020 | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Empc-A\/Imx6 Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Iot2000 Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Linux Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Pfc100 Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Pfc200 Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Raspberry Pi Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control For Wago Touch Panels 600 Sl | >= 4.4.0.0, < 4.5.0.0 |
| Codesys | Control Runtime System Toolkit | >= 3.5.17.0, < 3.5.18.0 |
Related Weaknesses (CWE)
References
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695Vendor Advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17092&token=a556b1695Vendor Advisory
FAQ
What is CVE-2022-22518?
CVE-2022-22518 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
How severe is CVE-2022-22518?
CVE-2022-22518 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22518?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Beckhoff Cx9020, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl.