First published: Fri Jun 24 2022(Updated: )
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
CODESYS PLCWinNT | >=2.0<2.4.7.57 | |
Codesys Runtime Toolkit | >=2.0<2.4.7.57 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this CODESYS vulnerability is CVE-2022-32138.
The severity of vulnerability CVE-2022-32138 is high with a severity value of 8.8.
The CODESYS PLCWinNT version 2.0 to 2.4.7.57 and Codesys Runtime Toolkit version 2.0 to 2.4.7.57 are affected by vulnerability CVE-2022-32138.
Vulnerability CVE-2022-32138 may result in a denial-of-service condition or memory overwrite.
You can find more information about vulnerability CVE-2022-32138 at the following link: [CVE-2022-32138](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=).