Out-of-bounds write in CODESYS products - CVE-2022-47379

Vulnerability identifier: #VU85946

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-47379

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: CODESYS

Affected software:
CODESYS Control RTE
CODESYS Control RTE (for Beckhoff CX)
CODESYS Control Win
CODESYS Control Runtime System Toolkit
CODESYS Safety SIL2 Runtime Toolkit
CODESYS Safety SIL2 PSP
CODESYS HMI
CODESYS Development System V3
CODESYS Control for BeagleBone SL
CODESYS Control for emPC-A/iMX6 SL
CODESYS Control for IOT2000 SL
CODESYS Control for Linux SL
CODESYS Control for PFC100 SL
CODESYS Control for PFC200 SL
CODESYS Control for PLCnext SL
CODESYS Control for Raspberry Pi SL
CODESYS Control for WAGO Touch Panels 600 SL

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the CmpApp component. A remote user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Install updates from vendor's website.

• https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=