First published: Fri Jun 24 2022
In multiple CODESYS products, a low-privileged remote attacker may craft a request that may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
CODESYS PLCWinNT | >=2.0<2.4.7.57 | |
Codesys Runtime Toolkit | >=2.0<2.4.7.57 | |
CVE-2022-32137 is a vulnerability found in multiple CODESYS products that allows a low-privileged remote attacker to cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite.
User interaction is not required to exploit the CVE-2022-32137 vulnerability.
The CODESYS PLCWinNT and Codesys Runtime Toolkit products are affected by CVE-2022-32137.
CVE-2022-32137 has a high severity rating with a score of 8.8.
To fix the CVE-2022-32137 vulnerability, users are advised to apply the latest security patches provided by CODESYS.