What is CVE-2022-32143?

CVE-2022-32143 is a vulnerability in multiple CODESYS products that allows for unauthorized access to internal files in the working directory.

What is the severity of CVE-2022-32143?

CVE-2022-32143 has a severity rating of 8.8, which is classified as high.

Which products are affected by CVE-2022-32143?

CVE-2022-32143 affects CODESYS PLCWinNT and Codesys Runtime Toolkit versions 2.0 to 2.4.7.57.

How does CVE-2022-32143 allow unauthorized access to internal files?

CVE-2022-32143 allows access to internal files through the file download and upload function in CODESYS products.

Is there a fix for CVE-2022-32143?

At the time of writing, no specific fix or patch has been mentioned for CVE-2022-32143. It is recommended to follow the vendor's advisories and apply any updates or mitigations provided.

Vulnerability/
CVE-2022-32143

high

8.8

CWE

552

15/6/2022

3/8/2024

CVE-2022-32143: CODESYS runtime system prone to directory acces

First published: Wed Jun 15 2022(Updated: )

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
CODESYS PLCWinNT	>=2.0<2.4.7.57
Codesys Runtime Toolkit	>=2.0<2.4.7.57

Never miss a vulnerability like this again

Reference Links

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=

Frequently Asked Questions

What is CVE-2022-32143?
CVE-2022-32143 is a vulnerability in multiple CODESYS products that allows for unauthorized access to internal files in the working directory.
What is the severity of CVE-2022-32143?
CVE-2022-32143 has a severity rating of 8.8, which is classified as high.
Which products are affected by CVE-2022-32143?
CVE-2022-32143 affects CODESYS PLCWinNT and Codesys Runtime Toolkit versions 2.0 to 2.4.7.57.
How does CVE-2022-32143 allow unauthorized access to internal files?
CVE-2022-32143 allows access to internal files through the file download and upload function in CODESYS products.
Is there a fix for CVE-2022-32143?
At the time of writing, no specific fix or patch has been mentioned for CVE-2022-32143. It is recommended to follow the vendor's advisories and apply any updates or mitigations provided.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/title
agent/first-publish-date
agent/tags
agent/event
agent/description
vendor/codesys
canonical/codesys plcwinnt
version/codesys plcwinnt/2.0
canonical/codesys runtime toolkit
version/codesys runtime toolkit/2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.