CVE-2022-22516

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 88.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys Control RTE (for Beckhoff CX) SL Codesys Codesys Control RTE (sl)Codesys Codesys Control WIN (sl)+5 more

Timeline

PublishedApr 7

Latest updateApr 8

Description

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDcodesys/development_system< 3.5.18.0

▶CVEListV5codesys/codesys_development_system_v3V3.5.18.0 — V3.5.18.0

▶NVDcodesys/control_rte_sl< 3.5.18.0

▶NVDcodesys/control_win_sl< 3.5.18.0

▶CVEListV5codesys/codesys_control_rte_(sl)V3.5.18.0 — V3.5.18.0

🔴Vulnerability Details

GHSA

GHSA-wg22-wcgm-8m72: The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space↗2022-04-08

▶

CVEList

CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in restricted memory space.↗2022-04-07

▶