CVE-2022-32137
published 2022-06-24CVE-2022-32137: In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | plcwinnt | >= 2.0 < 2.4.7.57 | 2.4.7.57 |
| codesys | plcwinnt | >= V2 < V2.4.7.57 | V2.4.7.57 |
| codesys | runtime_toolkit | >= 2.0 < 2.4.7.57 | 2.4.7.57 |
| codesys | runtime_toolkit | >= V2 < V2.4.7.57 | V2.4.7.57 |