Multiple vulnerabilities in CODESYS products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2022-47378 CVE-2022-47393 CVE-2022-47392 CVE-2022-47385 CVE-2022-47390 CVE-2022-47389 CVE-2022-47388 CVE-2022-47387 CVE-2022-47386 CVE-2022-47384 CVE-2022-47383 CVE-2022-47382 CVE-2022-47381 CVE-2022-47380 CVE-2022-47379 |
| CWE-ID | CWE-20 CWE-822 CWE-121 CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
CODESYS Control RTE Client/Desktop applications / Other client software CODESYS Control RTE (for Beckhoff CX) Client/Desktop applications / Other client software CODESYS Control Win Client/Desktop applications / Other client software CODESYS Control Runtime System Toolkit Client/Desktop applications / Other client software CODESYS Safety SIL2 Runtime Toolkit Client/Desktop applications / Other client software CODESYS Safety SIL2 PSP Client/Desktop applications / Other client software CODESYS HMI Client/Desktop applications / Other client software CODESYS Development System V3 Client/Desktop applications / Other client software CODESYS Control for BeagleBone SL Client/Desktop applications / Other client software CODESYS Control for emPC-A/iMX6 SL Client/Desktop applications / Other client software CODESYS Control for IOT2000 SL Client/Desktop applications / Other client software CODESYS Control for Linux SL Client/Desktop applications / Other client software CODESYS Control for PFC100 SL Client/Desktop applications / Other client software CODESYS Control for PFC200 SL Client/Desktop applications / Other client software CODESYS Control for PLCnext SL Client/Desktop applications / Other client software CODESYS Control for Raspberry Pi SL Client/Desktop applications / Other client software CODESYS Control for WAGO Touch Panels 600 SL Client/Desktop applications / Other client software |
| Vendor |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU85945
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47378
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpFiletransfer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Untrusted Pointer Dereference
EUVDB-ID: #VU85960
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47393
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to untrusted pointer dereference in the CmpFiletransfer component . A remote usercan send a specially crafted request and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU85959
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47392
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the CmpApp/CmpAppBP/CmpAppForce components. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU85958
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47385
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpAppForce component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Stack-based buffer overflow
EUVDB-ID: #VU85957
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47390
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based buffer overflow
EUVDB-ID: #VU85956
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47389
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU85955
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47388
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stack-based buffer overflow
EUVDB-ID: #VU85954
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47387
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Stack-based buffer overflow
EUVDB-ID: #VU85953
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47386
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Stack-based buffer overflow
EUVDB-ID: #VU85952
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47384
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Stack-based buffer overflow
EUVDB-ID: #VU85951
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47383
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Stack-based buffer overflow
EUVDB-ID: #VU85949
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47382
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpTraceMgr component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Stack-based buffer overflow
EUVDB-ID: #VU85948
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47381
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpApp component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stack-based buffer overflow
EUVDB-ID: #VU85947
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47380
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CmpApp component. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds write
EUVDB-ID: #VU85946
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47379
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the CmpApp component. A remote user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Control RTE: before 3.5.19.0
CODESYS Control RTE (for Beckhoff CX): before 3.5.19.0
CODESYS Control Win: before 3.5.19.0
CODESYS Control Runtime System Toolkit: before 3.5.19.0
CODESYS Safety SIL2 Runtime Toolkit: before 3.5.19.0
CODESYS Safety SIL2 PSP: before 3.5.19.0
CODESYS HMI: before 3.5.19.0
CODESYS Development System V3: before 3.5.19.0
CODESYS Control for BeagleBone SL: before 4.8.0.0
CODESYS Control for emPC-A/iMX6 SL: before 4.8.0.0
CODESYS Control for IOT2000 SL: before 4.8.0.0
CODESYS Control for Linux SL: before 4.8.0.0
CODESYS Control for PFC100 SL: before 4.8.0.0
CODESYS Control for PFC200 SL: before 4.8.0.0
CODESYS Control for PLCnext SL: before 4.8.0.0
CODESYS Control for Raspberry Pi SL: before 4.8.0.0
CODESYS Control for WAGO Touch Panels 600 SL: before 4.8.0.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
