CVE-2022-47393: CODESYS: Multiple products prone to improperly restricted memory operations
First published: Mon May 15 2023(Updated: )
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codesys Control For Beaglebone Sl | <3.5.19.0 | |
| Codesys Control For Empc-a\/imx6 Sl | <3.5.19.0 | |
| Codesys Control For Iot2000 Sl | <3.5.19.0 | |
| Codesys Control For Linux Sl | <3.5.19.0 | |
| Codesys Control For Pfc100 Sl | <3.5.19.0 | |
| Codesys Control For Pfc200 Sl | <3.5.19.0 | |
| Codesys Control For Plcnext Sl | <3.5.19.0 | |
| Codesys Control For Raspberry Pi Sl | <3.5.19.0 | |
| Codesys Control For Wago Touch Panels 600 Sl | <3.5.19.0 | |
| Codesys Control Rte \(for Beckhoff Cx\) Sl | <4.8.0.0 | |
| Codesys Control Rte \(sl\) | <4.8.0.0 | |
| Codesys Control Runtime System Toolkit | <4.8.0.0 | |
| Codesys Control Win \(sl\) | <4.8.0.0 | |
| CODESYS Development System V3 | <4.8.0.0 | |
| Codesys Hmi \(sl\) | <4.8.0.0 | |
| Codesys Safety Sil2 Psp | <4.8.0.0 | |
| Codesys Safety Sil2 Runtime Toolkit | <4.8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2022-47393.
What is the severity level of CVE-2022-47393?
The severity level of CVE-2022-47393 is medium, with a severity value of 6.5.
Which products are affected by CVE-2022-47393?
Multiple versions of multiple CODESYS products are affected by CVE-2022-47393. The affected products include Codesys Control For Beaglebone Sl, Codesys Control For Empc-a/imx6 Sl, Codesys Control For Iot2000 Sl, Codesys Control For Linux Sl, Codesys Control For Pfc100 Sl, Codesys Control For Pfc200 Sl, Codesys Control For Plcnext Sl, Codesys Control For Raspberry Pi Sl, Codesys Control For Wago Touch Panels 600 Sl, Codesys Control Rte (for Beckhoff Cx) Sl, Codesys Control Rte (sl), Codesys Control Runtime System Toolkit, Codesys Control Win (sl), CODESYS Development System V3, Codesys Hmi (sl), Codesys Safety Sil2 Psp, and Codesys Safety Sil2 Runtime Toolkit.
What is the issue with CVE-2022-47393?
CVE-2022-47393 is an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability, which can be exploited by an authenticated remote attacker to force a denial-of-service situation.
How can CVE-2022-47393 be fixed?
To fix CVE-2022-47393, it is recommended to update to a version that is not vulnerable. Please refer to the vendor's website for the latest patches and updates.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/codesys
- canonical/codesys control for beaglebone sl
- canonical/codesys control for empc-a\/imx6 sl
- canonical/codesys control for iot2000 sl
- canonical/codesys control for linux sl
- canonical/codesys control for pfc100 sl
- canonical/codesys control for pfc200 sl
- canonical/codesys control for plcnext sl
- canonical/codesys control for raspberry pi sl
- canonical/codesys control for wago touch panels 600 sl
- canonical/codesys control rte \(for beckhoff cx\) sl
- canonical/codesys control rte \(sl\)
- canonical/codesys control runtime system toolkit
- canonical/codesys control win \(sl\)
- canonical/codesys development system v3
- canonical/codesys hmi \(sl\)
- canonical/codesys safety sil2 psp
- canonical/codesys safety sil2 runtime toolkit