CVE-2022-47378 — Improper Input Validation in Control FOR Beaglebone SL

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Control FOR Beaglebone SL Codesys Control FOR Empc-a Imx6 SL Codesys Control FOR Iot2000 SL +31 more

Timeline

PublishedMay 15

Description

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages26 packages

▶NVDcodesys/hmi< 3.5.19.0

▶NVDcodesys/control< 4.8.0.0

▶CVEListV5codesys/codesys_hmiV0.0.0.0 — V3.5.19.0

▶NVDcodesys/control_rte< 3.5.19.0

▶NVDcodesys/control_win< 3.5.19.0

🔴Vulnerability Details

CVEList

CODESYS: Multiple products prone to Improper Input Validation↗2023-05-15

▶

GHSA

GHSA-7h3m-p5gj-2q4p: Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability↗2023-05-15

▶