ID

VAR-202204-0725


CVE

CVE-2022-22514


TITLE

Untrusted Pointer Dereference Vulnerability in Multiple CODESYS GmbH Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-008142

DESCRIPTION

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Multiple CODESYS GmbH products, including CODESYS Control for BeagleBone SL, Control for Beckhoff CX9020, and CODESYS Control for emPC-A/iMX6 SL, contain an untrusted pointer dereference vulnerability. Information may be tampered with and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-22514 // JVNDB: JVNDB-2022-008142 // VULHUB: VHN-411083 // VULMON: CVE-2022-22514

AFFECTED PRODUCTS

vendor: codesys // model: control win sl // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: edge gateway // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control rte sl // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: gateway // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: control for empc-a/imx6 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for pfc200 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: hmi sl // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: development system // scope: gte // version: 3.0

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: control for beaglebone sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for raspberry pi sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for linux sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control rte sl \ // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for wago touch panels 600 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: embedded target visu toolkit // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: control for pfc100 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for plcnext sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for beckhoff cx9020 // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: edge gateway // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: development system // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: remote target visu toolkit // scope: lt // version: 3.5.18.0

Trust: 1.0

vendor: codesys // model: control for empc-a/imx6 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for plcnext sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for iot2000 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: embedded target visu toolkit // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for linux sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control runtime system toolkit // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for pfc200 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: gateway // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for raspberry pi sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: hmi sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: development system // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for beaglebone sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control rte v3 // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for beckhoff cx9020 // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control win sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for wago touch panels 600 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for pfc100 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control rte sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: edge gateway // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008142 // NVD: CVE-2022-22514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22514
value: HIGH

Trust: 1.0

info@cert.vde.com: CVE-2022-22514
value: HIGH

Trust: 1.0

NVD: CVE-2022-22514
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-2621
value: HIGH

Trust: 0.6

VULHUB: VHN-411083
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22514
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22514
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411083
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22514
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 2.0

NVD: CVE-2022-22514
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411083 // VULMON: CVE-2022-22514 // JVNDB: JVNDB-2022-008142 // CNNVD: CNNVD-202204-2621 // NVD: CVE-2022-22514 // NVD: CVE-2022-22514

PROBLEMTYPE DATA

problemtype:CWE-822

Trust: 1.1

problemtype:CWE-119

Trust: 1.0

problemtype:unreliable pointer dereference (CWE-822) [ others ]

Trust: 0.8

sources: VULHUB: VHN-411083 // JVNDB: JVNDB-2022-008142 // NVD: CVE-2022-22514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2621

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2621

PATCH

title: CODESYS Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189800

Trust: 0.6

title: CVE-2022-XXXX // url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX // url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22514 // CNNVD: CNNVD-202204-2621

EXTERNAL IDS

db: NVD // id: CVE-2022-22514

Trust: 3.4

db: JVNDB // id: JVNDB-2022-008142

Trust: 0.8

db: CNNVD // id: CNNVD-202204-2621

Trust: 0.6

db: VULHUB // id: VHN-411083

Trust: 0.1

db: VULMON // id: CVE-2022-22514

Trust: 0.1

sources: VULHUB: VHN-411083 // VULMON: CVE-2022-22514 // JVNDB: JVNDB-2022-008142 // CNNVD: CNNVD-202204-2621 // NVD: CVE-2022-22514

REFERENCES

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22514

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22514/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/822.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-411083 // VULMON: CVE-2022-22514 // JVNDB: JVNDB-2022-008142 // CNNVD: CNNVD-202204-2621 // NVD: CVE-2022-22514

SOURCES

db: VULHUB // id: VHN-411083
db: VULMON // id: CVE-2022-22514
db: JVNDB // id: JVNDB-2022-008142
db: CNNVD // id: CNNVD-202204-2621
db: NVD // id: CVE-2022-22514

LAST UPDATE DATE

2024-11-23T22:10:48.063000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-411083 // date: 2022-05-10T00:00:00
db: VULMON // id: CVE-2022-22514 // date: 2022-05-10T00:00:00
db: JVNDB // id: JVNDB-2022-008142 // date: 2023-07-24T08:23:00
db: CNNVD // id: CNNVD-202204-2621 // date: 2022-04-28T00:00:00
db: NVD // id: CVE-2022-22514 // date: 2024-11-21T06:46:56.033

SOURCES RELEASE DATE

db: VULHUB // id: VHN-411083 // date: 2022-04-07T00:00:00
db: VULMON // id: CVE-2022-22514 // date: 2022-04-07T00:00:00
db: JVNDB // id: JVNDB-2022-008142 // date: 2023-07-24T00:00:00
db: CNNVD // id: CNNVD-202204-2621 // date: 2022-04-07T00:00:00
db: NVD // id: CVE-2022-22514 // date: 2022-04-07T19:15:08.133