CVE-2022-32142
published 2022-06-24CVE-2022-32142: Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which…
high8.1CVSS 3.1
AVNACLPRLUINSUCNIHAH
Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | plcwinnt | >= 2.0 < 2.4.7.57 | 2.4.7.57 |
| codesys | plcwinnt | >= V2 < V2.4.7.57 | V2.4.7.57 |
| codesys | runtime_toolkit | >= 2.0 < 2.4.7.57 | 2.4.7.57 |
| codesys | runtime_toolkit | >= V2 < V2.4.7.57 | V2.4.7.57 |