CVE-2022-22515

CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

8.1HIGH

EPSS

0.2%

top 62.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys Control FOR Beaglebone SL Codesys Codesys Control FOR Beckhoff Cx9020 SL Codesys Codesys Control FOR Empc-a/imx6 SL +33 more

Timeline

PublishedApr 7

Latest updateApr 8

Description

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages27 packages

▶NVDcodesys/control_runtime_system_toolkit< 3.5.18.0

▶CVEListV5codesys/codesys_control_runtime_system_toolkitV3 — V3.5.17.40

▶NVDcodesys/control< 4.5.0.0

▶NVDcodesys/control_rte_sl< 3.5.18.0

▶NVDcodesys/control_win_sl< 3.5.18.0

🔴Vulnerability Details

GHSA

GHSA-v4p3-h3rx-q79h: A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to rea↗2022-04-08

▶

CVEList

A component of the CODESYS Control runtime system allows read and write access to configuration files↗2022-04-07

▶