CVE-2022-22513 — NULL Pointer Dereference in Control FOR Beaglebone SL

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 52.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone SL Codesys Control FOR Beckhoff Cx9020 SL Codesys Control FOR Empc-a Imx6 SL +37 more

Timeline

PublishedApr 7

Latest updateApr 8

Description

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages31 packages

▶NVDcodesys/remote_target_visu_toolkit< 3.5.18.0

▶CVEListV5codesys/codesys_remote_target_visu_toolkitV3.5.18.0 — V3.5.18.0

▶NVDcodesys/hmi_sl< 3.5.18.0

▶NVDcodesys/control< 4.5.0.0

▶NVDcodesys/gateway< 3.5.18.0

🔴Vulnerability Details

GHSA

GHSA-4555-4gmg-wpcm: An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a c↗2022-04-08

▶

CVEList

Null Pointer Dereference in multiple CODESYS products can lead to a DoS.↗2022-04-07

▶