ID

VAR-202207-0363


CVE

CVE-2022-30792


TITLE

Resource exhaustion vulnerability in multiple CODESYS GmbH products

Trust: 0.8

sources: JVNDB: JVNDB-2022-012664

DESCRIPTION

In CmpChannelServer of CODESYS V3 in multiple versions, uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. Multiple CODESYS GmbH products, including Control for BeagleBone, Control for emPC-A/iMX6 and CODESYS Control for IOT2000 SL, contain a resource exhaustion vulnerability. The affected service may be put into a denial-of-service (DoS) state.

Trust: 1.8

sources: NVD: CVE-2022-30792 // JVNDB: JVNDB-2022-012664 // VULHUB: VHN-422576 // VULMON: CVE-2022-30792

AFFECTED PRODUCTS

vendor: codesys, model: control for empc-a/imx6, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: control for iot2000 sl, scope: lt, version: 4.6.0.0

Trust: 1.0

vendor: codesys, model: control for wago touch panels 600, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: control for pfc200 sl, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: control for beaglebone, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: control rte sl \, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control for linux sl, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: remote target visu toolkit, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control for raspberry pi sl, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: edge gateway, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: development system, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: gateway, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control rte sl, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: edge gateway, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: control for pfc100 sl, scope: lt, version: 4.5.0.0

Trust: 1.0

vendor: codesys, model: embedded target visu toolkit, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control runtime system toolkit, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control for plcnext, scope: lt, version: 4.6.0.0

Trust: 1.0

vendor: codesys, model: hmi, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control win, scope: lt, version: 3.5.18.20

Trust: 1.0

vendor: codesys, model: control for iot2000 sl, scope: -, version: -

Trust: 0.8

vendor: codesys, model: embedded target visu toolkit, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for beaglebone, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for linux sl, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for pfc100 sl, scope: -, version: -

Trust: 0.8

vendor: codesys, model: gateway, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control win, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control rte v3, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control rte sl, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for wago touch panels 600, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for empc-a/imx6, scope: -, version: -

Trust: 0.8

vendor: codesys, model: edge gateway, scope: -, version: -

Trust: 0.8

vendor: codesys, model: remote target visu toolkit, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control runtime system toolkit, scope: -, version: -

Trust: 0.8

vendor: codesys, model: hmi, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for plcnext, scope: -, version: -

Trust: 0.8

vendor: codesys, model: development system, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for pfc200 sl, scope: -, version: -

Trust: 0.8

vendor: codesys, model: control for raspberry pi sl, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012664 // NVD: CVE-2022-30792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30792
value: HIGH

Trust: 1.0

info@cert.vde.com: CVE-2022-30792
value: HIGH

Trust: 1.0

NVD: CVE-2022-30792
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-791
value: HIGH

Trust: 0.6

VULHUB: VHN-422576
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-30792
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-30792
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-422576
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-30792
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-012664
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-422576 // VULMON: CVE-2022-30792 // JVNDB: JVNDB-2022-012664 // CNNVD: CNNVD-202207-791 // NVD: CVE-2022-30792 // NVD: CVE-2022-30792

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [ others ]

Trust: 0.8

sources: VULHUB: VHN-422576 // JVNDB: JVNDB-2022-012664 // NVD: CVE-2022-30792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-791

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202207-791

PATCH

title: 3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200895

Trust: 0.6

sources: CNNVD: CNNVD-202207-791

EXTERNAL IDS

db: NVD, id: CVE-2022-30792

Trust: 3.4

db: JVNDB, id: JVNDB-2022-012664

Trust: 0.8

db: CNNVD, id: CNNVD-202207-791

Trust: 0.6

db: VULHUB, id: VHN-422576

Trust: 0.1

db: VULMON, id: CVE-2022-30792

Trust: 0.1

sources: VULHUB: VHN-422576 // VULMON: CVE-2022-30792 // JVNDB: JVNDB-2022-012664 // CNNVD: CNNVD-202207-791 // NVD: CVE-2022-30792

REFERENCES

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-30792

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-30792/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-422576 // VULMON: CVE-2022-30792 // JVNDB: JVNDB-2022-012664 // CNNVD: CNNVD-202207-791 // NVD: CVE-2022-30792

SOURCES

db: VULHUB, id: VHN-422576
db: VULMON, id: CVE-2022-30792
db: JVNDB, id: JVNDB-2022-012664
db: CNNVD, id: CNNVD-202207-791
db: NVD, id: CVE-2022-30792

LAST UPDATE DATE

2024-08-14T15:00:54.926000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-422576, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2022-30792, date: 2022-07-20T00:00:00
db: JVNDB, id: JVNDB-2022-012664, date: 2023-08-31T08:31:00
db: CNNVD, id: CNNVD-202207-791, date: 2022-07-21T00:00:00
db: NVD, id: CVE-2022-30792, date: 2022-09-23T16:25:41.847

SOURCES RELEASE DATE

db: VULHUB, id: VHN-422576, date: 2022-07-11T00:00:00
db: VULMON, id: CVE-2022-30792, date: 2022-07-11T00:00:00
db: JVNDB, id: JVNDB-2022-012664, date: 2023-08-31T00:00:00
db: CNNVD, id: CNNVD-202207-791, date: 2022-07-11T00:00:00
db: NVD, id: CVE-2022-30792, date: 2022-07-11T11:15:08.240