First published: Fri Jun 24 2022(Updated: )
In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
CODESYS PLCWinNT | >=2.0<2.4.7.57 | |
Codesys Runtime Toolkit | >=2.0<2.4.7.57 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-32139.
The severity of CVE-2022-32139 is medium, with a severity value of 6.5.
The affected software includes CODESYS PLCWinNT (version 2.0 to 2.4.7.57) and Codesys Runtime Toolkit (version 2.0 to 2.4.7.57).
CVE-2022-32139 allows a low privileged remote attacker to cause a denial-of-service condition through an out-of-bounds read.
No, user interaction is not required to exploit CVE-2022-32139.