CVE-2022-47390: CODESYS: Multiple products prone to stack based out-of-bounds write
First published: Mon May 15 2023(Updated: )
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CODESYS Control Beaglebone SL | <3.5.19.0 | |
| CODESYS Control for empc-a/imx6 | <3.5.19.0 | |
| CODESYS Control for IoT2000 | <3.5.19.0 | |
| CODESYS Control for Linux SL | <3.5.19.0 | |
| CODESYS Control for PFC100 SL | <3.5.19.0 | |
| CODESYS Control for pfc200 SL | <3.5.19.0 | |
| CODESYS Control for PLCnext SL | <3.5.19.0 | |
| CODESYS Raspberry Pi | <3.5.19.0 | |
| CODESYS Control for WAGO Touch Panels 600 | <3.5.19.0 | |
| CODESYS Control RTE SL | <4.8.0.0 | |
| CODESYS Control RTE | <4.8.0.0 | |
| CODESYS Runtime System Toolkit | <4.8.0.0 | |
| CODESYS Control Win SL | <4.8.0.0 | |
| CODESYS Development System V3 | <4.8.0.0 | |
| CODESYS HMI (SL) | <4.8.0.0 | |
| CODESYS Safety SIL2 | <4.8.0.0 | |
| CODESYS Safety SIL2 | <4.8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-47390?
CVE-2022-47390 is a stack-based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products.
How does CVE-2022-47390 impact the affected software?
CVE-2022-47390 can lead to a denial-of-service condition, memory overwriting, or remote code execution in the affected CODESYS products.
What is the severity of CVE-2022-47390?
CVE-2022-47390 has a severity rating of 8.8 (high).
Which CODESYS products are affected by CVE-2022-47390?
The following CODESYS products are affected by CVE-2022-47390: Codesys Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl, Control For Linux Sl, Control For Pfc100 Sl, Control For Pfc200 Sl, Control For Plcnext Sl, Control For Raspberry Pi Sl, Control For Wago Touch Panels 600 Sl, Control Rte (for Beckhoff Cx) Sl, Control Rte (sl), Control Runtime System Toolkit, Control Win (sl), CODESYS Development System V3, Codesys Hmi (sl), Codesys Safety Sil2 Psp, and Codesys Safety Sil2 Runtime Toolkit.
How can I mitigate CVE-2022-47390?
Apply the necessary security patches provided by CODESYS to mitigate CVE-2022-47390.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/codesys
- canonical/codesys control beaglebone sl
- canonical/codesys control for empc-a/imx6
- canonical/codesys control for iot2000
- canonical/codesys control for linux sl
- canonical/codesys control for pfc100 sl
- canonical/codesys control for pfc200 sl
- canonical/codesys control for plcnext sl
- canonical/codesys raspberry pi
- canonical/codesys control for wago touch panels 600
- canonical/codesys control rte sl
- canonical/codesys control rte
- canonical/codesys runtime system toolkit
- canonical/codesys control win sl
- canonical/codesys development system v3
- canonical/codesys hmi (sl)
- canonical/codesys safety sil2