What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-47382.

What is the severity of CVE-2022-47382?

The severity of CVE-2022-47382 is high (8.8).

Which products are affected by CVE-2022-47382?

Multiple CODESYS products in multiple versions are affected by CVE-2022-47382.

What can an authenticated remote attacker do with this vulnerability?

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability to write data into the stack, leading to a denial-of-service condition, memory overwriting, or remote code execution.

How can I fix CVE-2022-47382?

To fix CVE-2022-47382, it is recommended to update to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2022-47382

high

8.8

CWE

787

15/5/2023

3/8/2024

CVE-2022-47382: CODESYS: Multiple products prone to stack based out-of-bounds write

First published: Mon May 15 2023(Updated: )

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
CODESYS Control Beaglebone SL	<3.5.19.0
CODESYS Control for empc-a/imx6	<3.5.19.0
CODESYS Control for IoT2000	<3.5.19.0
CODESYS Control for Linux SL	<3.5.19.0
CODESYS Control for PFC100 SL	<3.5.19.0
CODESYS Control for pfc200 SL	<3.5.19.0
CODESYS Control for PLCnext SL	<3.5.19.0
CODESYS Raspberry Pi	<3.5.19.0
CODESYS Control for WAGO Touch Panels 600	<3.5.19.0
CODESYS Control RTE SL	<4.8.0.0
CODESYS Control RTE	<4.8.0.0
CODESYS Runtime System Toolkit	<4.8.0.0
CODESYS Control Win SL	<4.8.0.0
CODESYS Development System V3	<4.8.0.0
CODESYS HMI (SL)	<4.8.0.0
CODESYS Safety SIL2	<4.8.0.0
CODESYS Safety SIL2	<4.8.0.0

Never miss a vulnerability like this again

Reference Links

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-47382.
What is the severity of CVE-2022-47382?
The severity of CVE-2022-47382 is high (8.8).
Which products are affected by CVE-2022-47382?
Multiple CODESYS products in multiple versions are affected by CVE-2022-47382.
What can an authenticated remote attacker do with this vulnerability?
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability to write data into the stack, leading to a denial-of-service condition, memory overwriting, or remote code execution.
How can I fix CVE-2022-47382?
To fix CVE-2022-47382, it is recommended to update to a version that is not affected by the vulnerability.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/severity
agent/title
agent/last-modified-date
agent/weakness
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/codesys
canonical/codesys control beaglebone sl
canonical/codesys control for empc-a/imx6
canonical/codesys control for iot2000
canonical/codesys control for linux sl
canonical/codesys control for pfc100 sl
canonical/codesys control for pfc200 sl
canonical/codesys control for plcnext sl
canonical/codesys raspberry pi
canonical/codesys control for wago touch panels 600
canonical/codesys control rte sl
canonical/codesys control rte
canonical/codesys runtime system toolkit
canonical/codesys control win sl
canonical/codesys development system v3
canonical/codesys hmi (sl)
canonical/codesys safety sil2