CVE-2022-30791

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys Control FOR Beaglebone SL Codesys Codesys Control FOR Beckhoff Cx9020 SL Codesys Codesys Control FOR Empc-a/imx6 SL +37 more

Timeline

PublishedJul 11

Latest updateJul 12

Description

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages32 packages

▶NVDcodesys/hmi< 3.5.18.20

▶NVDcodesys/control< 4.5.0.0+1

▶NVDcodesys/gateway< 3.5.18.20

▶NVDcodesys/control_win< 3.5.18.20

▶NVDcodesys/edge_gateway< 3.5.18.20+1

🔴Vulnerability Details

GHSA

GHSA-cxc2-v3v8-ggcp: In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections↗2022-07-12

▶

CVEList

CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections↗2022-07-11

▶