What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-47378.

What is the severity of CVE-2022-47378?

The severity of CVE-2022-47378 is medium with a CVSS score of 6.5.

Which products are affected by CVE-2022-47378?

Multiple CODESYS products in multiple versions are affected by CVE-2022-47378. Please refer to the affected software section for the complete list.

How can an attacker exploit CVE-2022-47378?

An authenticated remote attacker can exploit CVE-2022-47378 by crafting specific requests that use the vulnerability, leading to a denial-of-service condition.

Are there any references or additional information available for CVE-2022-47378?

Yes, you can find more information about CVE-2022-47378 at the following link: [Reference Link](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=)

Vulnerability/
CVE-2022-47378

medium

6.5

CWE

15/5/2023

5/3/2025

CVE-2022-47378: CODESYS: Multiple products prone to Improper Input Validation

First published: Mon May 15 2023(Updated: )

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
CODESYS Control Beaglebone SL	<3.5.19.0
CODESYS Control for empc-a/imx6	<3.5.19.0
CODESYS Control for IoT2000	<3.5.19.0
CODESYS Control for Linux	<3.5.19.0
CODESYS Control PFC100 SL	<3.5.19.0
WAGO PFC200	<3.5.19.0
CODESYS Control for PLCnext	<3.5.19.0
CODESYS Control Raspberry Pi SL	<3.5.19.0
CODESYS Control for WAGO Touch Panels 600	<3.5.19.0
CODESYS Control RTE SL	<4.8.0.0
CODESYS Control RTE	<4.8.0.0
CODESYS Runtime System Toolkit	<4.8.0.0
CODESYS Control Win SL	<4.8.0.0
CODESYS Development System	<4.8.0.0
CODESYS HMI (SL)	<4.8.0.0
CODESYS Safety SIL2	<4.8.0.0
CODESYS Safety SIL2	<4.8.0.0

Never miss a vulnerability like this again

Reference Links

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-47378.
What is the severity of CVE-2022-47378?
The severity of CVE-2022-47378 is medium with a CVSS score of 6.5.
Which products are affected by CVE-2022-47378?
Multiple CODESYS products in multiple versions are affected by CVE-2022-47378. Please refer to the affected software section for the complete list.
How can an attacker exploit CVE-2022-47378?
An authenticated remote attacker can exploit CVE-2022-47378 by crafting specific requests that use the vulnerability, leading to a denial-of-service condition.
Are there any references or additional information available for CVE-2022-47378?
Yes, you can find more information about CVE-2022-47378 at the following link: [Reference Link](https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=)

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/severity
agent/title
agent/last-modified-date
agent/weakness
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/codesys
canonical/codesys control beaglebone sl
canonical/codesys control for empc-a/imx6
canonical/codesys control for iot2000
canonical/codesys control for linux
canonical/codesys control pfc100 sl
canonical/wago pfc200
canonical/codesys control for plcnext
canonical/codesys control raspberry pi sl
canonical/codesys control for wago touch panels 600
canonical/codesys control rte sl
canonical/codesys control rte
canonical/codesys runtime system toolkit
canonical/codesys control win sl
canonical/codesys development system
canonical/codesys hmi (sl)
canonical/codesys safety sil2