ID

VAR-202207-0490


CVE

CVE-2022-30791


TITLE

Resource exhaustion vulnerability in multiple CODESYS GmbH products

Trust: 0.8

sources: JVNDB: JVNDB-2022-012665

DESCRIPTION

In CmpBlkDrvTcp of CODESYS V3 in multiple versions, uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. Multiple CODESYS GmbH products, including Control for BeagleBone, Control for emPC-A/iMX6 and CODESYS Control for IOT2000 SL, contain a resource exhaustion vulnerability. The affected service may be put into a denial-of-service (DoS) state.

Trust: 1.8

sources: NVD: CVE-2022-30791 // JVNDB: JVNDB-2022-012665 // VULHUB: VHN-422575 // VULMON: CVE-2022-30791

AFFECTED PRODUCTS

vendor: codesys // model: control for empc-a/imx6 // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: lt // version: 4.6.0.0

Trust: 1.0

vendor: codesys // model: control for wago touch panels 600 // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for pfc200 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for beaglebone // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control rte sl \ // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control for linux sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: remote target visu toolkit // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control for raspberry pi sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: edge gateway // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: development system // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: gateway // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control rte sl // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: edge gateway // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: control for pfc100 sl // scope: lt // version: 4.5.0.0

Trust: 1.0

vendor: codesys // model: embedded target visu toolkit // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control runtime system toolkit // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control for plcnext // scope: lt // version: 4.6.0.0

Trust: 1.0

vendor: codesys // model: hmi // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control win // scope: lt // version: 3.5.18.20

Trust: 1.0

vendor: codesys // model: control for iot2000 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: embedded target visu toolkit // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for beaglebone // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for linux sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for pfc100 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: gateway // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control win // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control rte v3 // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control rte sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for wago touch panels 600 // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for empc-a/imx6 // scope: - // version: -

Trust: 0.8

vendor: codesys // model: edge gateway // scope: - // version: -

Trust: 0.8

vendor: codesys // model: remote target visu toolkit // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control runtime system toolkit // scope: - // version: -

Trust: 0.8

vendor: codesys // model: hmi // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for plcnext // scope: - // version: -

Trust: 0.8

vendor: codesys // model: development system // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for pfc200 sl // scope: - // version: -

Trust: 0.8

vendor: codesys // model: control for raspberry pi sl // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012665 // NVD: CVE-2022-30791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-30791
value: HIGH

Trust: 1.0

info@cert.vde.com: CVE-2022-30791
value: HIGH

Trust: 1.0

NVD: CVE-2022-30791
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-787
value: HIGH

Trust: 0.6

VULHUB: VHN-422575
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-30791
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-30791
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-422575
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-30791
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-012665
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-422575 // VULMON: CVE-2022-30791 // JVNDB: JVNDB-2022-012665 // CNNVD: CNNVD-202207-787 // NVD: CVE-2022-30791 // NVD: CVE-2022-30791

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.1

problemtype: Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-422575 // JVNDB: JVNDB-2022-012665 // NVD: CVE-2022-30791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-787

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202207-787

PATCH

title: 3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200893

Trust: 0.6

sources: CNNVD: CNNVD-202207-787

EXTERNAL IDS

db: NVD // id: CVE-2022-30791

Trust: 3.4

db: JVNDB // id: JVNDB-2022-012665

Trust: 0.8

db: CNNVD // id: CNNVD-202207-787

Trust: 0.6

db: VULHUB // id: VHN-422575

Trust: 0.1

db: VULMON // id: CVE-2022-30791

Trust: 0.1

sources: VULHUB: VHN-422575 // VULMON: CVE-2022-30791 // JVNDB: JVNDB-2022-012665 // CNNVD: CNNVD-202207-787 // NVD: CVE-2022-30791

REFERENCES

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-30791

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-30791/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-422575 // VULMON: CVE-2022-30791 // JVNDB: JVNDB-2022-012665 // CNNVD: CNNVD-202207-787 // NVD: CVE-2022-30791

SOURCES

db: VULHUB // id: VHN-422575
db: VULMON // id: CVE-2022-30791
db: JVNDB // id: JVNDB-2022-012665
db: CNNVD // id: CNNVD-202207-787
db: NVD // id: CVE-2022-30791

LAST UPDATE DATE

2024-08-14T13:22:03.238000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-422575 // date: 2022-09-23T00:00:00
db: VULMON // id: CVE-2022-30791 // date: 2022-07-20T00:00:00
db: JVNDB // id: JVNDB-2022-012665 // date: 2023-08-31T08:32:00
db: CNNVD // id: CNNVD-202207-787 // date: 2022-07-21T00:00:00
db: NVD // id: CVE-2022-30791 // date: 2022-09-23T16:26:08.200

SOURCES RELEASE DATE

db: VULHUB // id: VHN-422575 // date: 2022-07-11T00:00:00
db: VULMON // id: CVE-2022-30791 // date: 2022-07-11T00:00:00
db: JVNDB // id: JVNDB-2022-012665 // date: 2023-08-31T00:00:00
db: CNNVD // id: CNNVD-202207-787 // date: 2022-07-11T00:00:00
db: NVD // id: CVE-2022-30791 // date: 2022-07-11T11:15:08.177