CVE-2022-30792

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys Control FOR Beaglebone SL Codesys Codesys Control FOR Beckhoff Cx9020 SL Codesys Codesys Control FOR Empc-a/imx6 SL +37 more

Timeline

PublishedJul 11

Latest updateJul 12

Description

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages32 packages

▶NVDcodesys/hmi< 3.5.18.20

▶NVDcodesys/control< 4.5.0.0+1

▶NVDcodesys/gateway< 3.5.18.20

▶NVDcodesys/control_win< 3.5.18.20

▶NVDcodesys/edge_gateway< 3.5.18.20+1

🔴Vulnerability Details

GHSA

GHSA-mr6x-v529-vfj8: In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communicatio↗2022-07-12

▶

CVEList

CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels↗2022-07-11

▶