Vulnerability Description
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Control For Beaglebone Sl | All versions |
| Codesys | Control For Empc-A\/Imx6 Sl | All versions |
| Codesys | Control For Iot2000 Sl | All versions |
| Codesys | Control For Linux Sl | All versions |
| Codesys | Control For Pfc100 Sl | All versions |
| Codesys | Control For Pfc200 Sl | All versions |
| Codesys | Control For Plcnext Sl | All versions |
| Codesys | Control For Raspberry Pi Sl | All versions |
| Codesys | Control For Wago Touch Panels 600 Sl | All versions |
| Codesys | Control Rte Sl | All versions |
| Codesys | Control Rte Sl \(For Beckhoff Cx\) | All versions |
| Codesys | Control Runtime System Toolkit | All versions |
| Codesys | Control Win Sl | All versions |
| Codesys | Hmi Sl | All versions |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en/advisories/VDE-2023-025/MitigationThird Party Advisory
- https://cert.vde.com/en/advisories/VDE-2023-025/MitigationThird Party Advisory
FAQ
What is CVE-2022-4046?
CVE-2022-4046 is a vulnerability with a CVSS score of 8.8 (HIGH). In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
How severe is CVE-2022-4046?
CVE-2022-4046 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4046?
Check the references section above for vendor advisories and patch information. Affected products include: Codesys Control For Beaglebone Sl, Codesys Control For Empc-A\/Imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl.