CVE-2022-22514

Severity: 7.1 HIGH
EPSS: 0.4% (top 40.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 7
Latest update: Apr 8

Description

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Exploitability: 2.8 | Impact: 4.2

Affected Packages (32 packages)

NVD: codesys/control < 4.5.0.0
NVD: codesys/control_rte_sl < 3.5.18.0
NVD: codesys/control_win_sl < 3.5.18.0
CVEListV5: codesys/codesys_control_rte_(sl) V3.5.18.0 V3.5.18.0
CVEListV5: codesys/codesys_control_win_(sl) V3.5.18.0 V3.5.18.0

Vulnerability Details (2)

GHSA: GHSA-5j8x-4qfw-cwj9: An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request (2022-04-08)
CVEList: Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS. (2022-04-07)