CVE-2022-1965
published 2022-06-24CVE-2022-1965: Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the…
high8.1CVSS 3.1
AVNACLPRLUINSUCNIHAH
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | plcwinnt | >= 2.0 < 2.4.7.57 | 2.4.7.57 |
| codesys | plcwinnt | >= V2 < V2.4.7.57 | V2.4.7.57 |
| codesys | runtime_toolkit | >= 2.0 < 2.4.7.57 | 2.4.7.57 |
| codesys | runtime_toolkit | >= V2 < V2.4.7.57 | V2.4.7.57 |