1. Home
  2. CVE Database
  3. CVE-2022-30792
HIGH · 7.5

CVE-2022-30792

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are no...

Vulnerability Description

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CodesysControl For Beaglebone< 4.5.0.0
CodesysControl For Empc-A\/Imx6< 4.5.0.0
CodesysControl For Iot2000 Sl< 4.6.0.0
CodesysControl For Linux Sl< 4.5.0.0
CodesysControl For Pfc100 Sl< 4.5.0.0
CodesysControl For Pfc200 Sl< 4.5.0.0
CodesysControl For Plcnext< 4.6.0.0
CodesysControl For Raspberry Pi Sl< 4.5.0.0
CodesysControl For Wago Touch Panels 600< 4.5.0.0
CodesysControl Rte Sl< 3.5.18.20
CodesysControl Rte Sl \(For Beckhoff Cx\)< 3.5.18.20
CodesysControl Runtime System Toolkit< 3.5.18.20
CodesysControl Win< 3.5.18.20
CodesysDevelopment System< 3.5.18.20
CodesysEdge Gateway< 3.5.18.20
CodesysEmbedded Target Visu Toolkit< 3.5.18.20
CodesysGateway< 3.5.18.20
CodesysHmi< 3.5.18.20
CodesysRemote Target Visu Toolkit< 3.5.18.20

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2022-30792?

CVE-2022-30792 is a vulnerability with a CVSS score of 7.5 (HIGH). In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are no...

How severe is CVE-2022-30792?

CVE-2022-30792 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30792?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone, Codesys Control For Empc-A\/Imx6, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.