cvelistv5 - cve-2022-47379

CVE-2022-47379 (GCVE-0-2022-47379)

Vulnerability from cvelistv5

Published

2023-05-15 09:33

Modified

2025-03-05 19:01

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

References

►

URL

Tags

	info@cert.vde.com	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=	Vendor Advisory

Impacted products

Vendor

Product

Version

►

CODESYS

CODESYS Control RTE (SL)

Version: V0.0.0.0 ≤

CODESYS	CODESYS Control RTE (for Beckhoff CX) SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control Win (SL)	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control Runtime System Toolkit	Version: V0.0.0.0 ≤
CODESYS	CODESYS Safety SIL2 Runtime Toolkit	Version: V0.0.0.0 ≤
CODESYS	CODESYS Safety SIL2 PSP	Version: V0.0.0.0 ≤
CODESYS	CODESYS HMI (SL)	Version: V0.0.0.0 ≤
CODESYS	CODESYS Development System V3	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for BeagleBone SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for emPC-A/iMX6 SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for IOT2000 SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for Linux SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for PFC100 SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for PFC200 SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for PLCnext SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for Raspberry Pi SL	Version: V0.0.0.0 ≤
CODESYS	CODESYS Control for WAGO Touch Panels 600 SL	Version: V0.0.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:55:07.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-47379",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:37:54.742167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T19:01:07.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control RTE (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control RTE (for Beckhoff CX) SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control Win (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control Runtime System Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Safety SIL2 Runtime Toolkit",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Safety SIL2 PSP",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS HMI (SL)",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Development System V3",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V3.5.19.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for BeagleBone SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for emPC-A/iMX6 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for IOT2000 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for Linux SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for PFC100 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for PFC200 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for PLCnext SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for Raspberry Pi SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CODESYS Control for WAGO Touch Panels 600 SL",
          "vendor": "CODESYS",
          "versions": [
            {
              "lessThan": "V4.8.0.0",
              "status": "affected",
              "version": "V0.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Vladimir Tokarev, Microsoft"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u0026nbsp;to a denial-of-service condition, memory overwriting, or remote code execution."
            }
          ],
          "value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-15T09:33:41.697Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CODESYS: Multiple products prone to out-of-bounds write",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-47379",
    "datePublished": "2023-05-15T09:33:41.697Z",
    "dateReserved": "2022-12-14T06:03:27.263Z",
    "dateUpdated": "2025-03-05T19:01:07.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-47379\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-05-15T10:15:09.530\",\"lastModified\":\"2025-07-17T12:38:27.903\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"D2A50DA7-2372-470C-A4DD-29837A4D428A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_empc-a\\\\/imx6_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"0ADC5883-5087-45E0-95E2-3D414C6417DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"7178B980-82CC-4A30-B278-A4D1F319D678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"8AFD0474-DCBC-4F9E-BE1B-7BDCCB9D801F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"61D99F13-9297-4812-90AD-3EB43276D344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"E5F2E302-39C1-4674-A2BE-A6D1D761B4E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"FF8FBED1-D729-4E07-A644-70D8FC87E965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"00EF8A8D-8A5F-4E7B-A14A-BFEE3297E3B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0.0\",\"matchCriteriaId\":\"2AA9F089-875B-4A90-A818-1BD06602D7E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_rte_\\\\(for_beckhoff_cx\\\\)_sl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"F1A18AA8-CDF4-4664-906F-76060AFED925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_rte_\\\\(sl\\\\):*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"725E570C-6F46-4526-90B5-F4CAF70A7688\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"AD993BD6-B52E-4BA7-A7D7-A0EBE7FDEDEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:control_win_\\\\(sl\\\\):*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"FBA9CDA8-4FA0-4258-B477-D2C8DBDD8B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"FC41CB40-21CD-4621-9B23-9BF8E0AE93E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:hmi_\\\\(sl\\\\):*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"C664BC1C-889F-4A54-8E81-AB60B0D4D93B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"49220E0D-3DD6-492B-BD58-C4951D7D2B75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.19.0\",\"matchCriteriaId\":\"DDF04E45-90A5-47FB-8101-9A56BD4F9C3F\"}]}]}],\"references\":[{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download=\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download=\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:55:07.032Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-47379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-05T18:37:54.742167Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-05T18:37:56.085Z\"}}], \"cna\": {\"title\": \"CODESYS: Multiple products prone to out-of-bounds write\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Vladimir Tokarev, Microsoft\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control RTE (SL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control RTE (for Beckhoff CX) SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control Win (SL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control Runtime System Toolkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Safety SIL2 Runtime Toolkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Safety SIL2 PSP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS HMI (SL)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Development System V3\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V3.5.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for BeagleBone SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for emPC-A/iMX6 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for IOT2000 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for Linux SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for PFC100 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for PFC200 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for PLCnext SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for Raspberry Pi SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"CODESYS\", \"product\": \"CODESYS Control for WAGO Touch Panels 600 SL\", \"versions\": [{\"status\": \"affected\", \"version\": \"V0.0.0.0\", \"lessThan\": \"V4.8.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download=\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\\u00a0to a denial-of-service condition, memory overwriting, or remote code execution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u0026nbsp;to a denial-of-service condition, memory overwriting, or remote code execution.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2023-05-15T09:33:41.697Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-47379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-05T19:01:07.355Z\", \"dateReserved\": \"2022-12-14T06:03:27.263Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2023-05-15T09:33:41.697Z\", \"assignerShortName\": \"CERTVDE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2023-2270

Vulnerability from csaf_certbund

Published

2023-09-05 22:00

Modified

2024-01-29 23:00

Summary

Codesys V3: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

CODESYS ist eine herstellerunabhängige Automatisierungssoftware für die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung. Die ABB AC-500 ist eine speicherprogrammierbare Steuerung (SPS).

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Codesys V3 ausnutzen, um beliebigen Programmcode auszuführen, Speicher zu überschreiben oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "CODESYS ist eine herstellerunabh\u00e4ngige Automatisierungssoftware f\u00fcr die Entwicklung von Steuerungsanwendungen in der industriellen Automatisierung.\r\nDie ABB AC-500 ist eine speicherprogrammierbare Steuerung (SPS).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Codesys V3 ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Speicher zu \u00fcberschreiben oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2270 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2270.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2270 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2270"
      },
      {
        "category": "external",
        "summary": "ABB Cyber Security Advisory vom 2023-09-05",
        "url": "https://search.abb.com/library/Download.aspx?Action=Launch\u0026DocumentID=3ADR011211"
      },
      {
        "category": "external",
        "summary": "VDE-CERT Security Advisory VDE-2023-063 vom 2024-01-30",
        "url": "https://cert.vde.com/de/advisories/VDE-2023-063/"
      }
    ],
    "source_lang": "en-US",
    "title": "Codesys V3: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:04.787+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2270",
      "initial_release_date": "2023-09-05T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-05T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-29T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von VDE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "ABB AC-500 \u003c V3 3.7.0",
            "product": {
              "name": "ABB AC-500 \u003c V3 3.7.0",
              "product_id": "T029732",
              "product_identification_helper": {
                "cpe": "cpe:/h:abb:ac-500:v3_3.7.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "ABB"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "CODESYS CODESYS v3",
            "product": {
              "name": "CODESYS CODESYS v3",
              "product_id": "T032407",
              "product_identification_helper": {
                "cpe": "cpe:/a:codesys:codesys:v3"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "CODESYS"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FESTO CPX",
            "product": {
              "name": "FESTO CPX",
              "product_id": "T032401",
              "product_identification_helper": {
                "cpe": "cpe:/h:festo:cpx:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FESTO"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-47393",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47393"
    },
    {
      "cve": "CVE-2022-47392",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47392"
    },
    {
      "cve": "CVE-2022-47390",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47390"
    },
    {
      "cve": "CVE-2022-47389",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47389"
    },
    {
      "cve": "CVE-2022-47388",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47388"
    },
    {
      "cve": "CVE-2022-47387",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47387"
    },
    {
      "cve": "CVE-2022-47386",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47386"
    },
    {
      "cve": "CVE-2022-47385",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47385"
    },
    {
      "cve": "CVE-2022-47384",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47384"
    },
    {
      "cve": "CVE-2022-47383",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47383"
    },
    {
      "cve": "CVE-2022-47382",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47382"
    },
    {
      "cve": "CVE-2022-47381",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47381"
    },
    {
      "cve": "CVE-2022-47380",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47380"
    },
    {
      "cve": "CVE-2022-47379",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47379"
    },
    {
      "cve": "CVE-2022-47378",
      "notes": [
        {
          "category": "description",
          "text": "In Codesys V3 existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Eingaben, Out-of-Bounds-Schreibfehler, Buffer-Overflows und fehlerhaften Dereferenzierungen von Zeigern zur\u00fcckzuf\u00fchren. Ein authentisierter Angreifer kann diese Schwachstellen ausnutzen, um Speicher zu \u00fcberschreiben, einen Denial of Service zu verursachen oder Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T032401",
          "T032407"
        ]
      },
      "release_date": "2023-09-05T22:00:00.000+00:00",
      "title": "CVE-2022-47378"
    }
  ]
}

gsd-2022-47379

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-47379

Aliases

CVE-2022-47379

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-47379",
    "id": "GSD-2022-47379"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-47379"
      ],
      "details": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution.",
      "id": "GSD-2022-47379",
      "modified": "2023-12-13T01:19:36.496000Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "info@cert.vde.com",
        "ID": "CVE-2022-47379",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CODESYS Control RTE (SL)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control RTE (for Beckhoff CX) SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control Win (SL)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control Runtime System Toolkit",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Safety SIL2 Runtime Toolkit",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Safety SIL2 PSP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS HMI (SL)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Development System V3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V3.5.19.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for BeagleBone SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for emPC-A/iMX6 SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for IOT2000 SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for Linux SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for PFC100 SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for PFC200 SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for PLCnext SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for Raspberry Pi SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Control for WAGO Touch Panels 600 SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V0.0.0.0",
                          "version_value": "V4.8.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "CODESYS"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Vladimir Tokarev, Microsoft"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-787",
                "lang": "eng",
                "value": "CWE-787 Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download=",
            "refsource": "MISC",
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "ID": "CVE-2022-47379"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download=",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-22T19:40Z",
      "publishedDate": "2023-05-15T10:15Z"
    }
  }
}

fkie_cve-2022-47379

Vulnerability from fkie_nvd

Published

2023-05-15 10:15

Modified

2025-07-17 12:38

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▶	URL	Tags
	info@cert.vde.com	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=	Vendor Advisory

Impacted products

Vendor	Product	Version
codesys	control_for_beaglebone_sl	*
codesys	control_for_empc-a\/imx6_sl	*
codesys	control_for_iot2000_sl	*
codesys	control_for_linux_sl	*
codesys	control_for_pfc100_sl	*
codesys	control_for_pfc200_sl	*
codesys	control_for_plcnext_sl	*
codesys	control_for_raspberry_pi_sl	*
codesys	control_for_wago_touch_panels_600_sl	*
codesys	control_rte_\(for_beckhoff_cx\)_sl	*
codesys	control_rte_\(sl\)	*
codesys	control_runtime_system_toolkit	*
codesys	control_win_\(sl\)	*
codesys	development_system_v3	*
codesys	hmi_\(sl\)	*
codesys	safety_sil2_psp	*
codesys	safety_sil2_runtime_toolkit	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A50DA7-2372-470C-A4DD-29837A4D428A",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADC5883-5087-45E0-95E2-3D414C6417DF",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7178B980-82CC-4A30-B278-A4D1F319D678",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFD0474-DCBC-4F9E-BE1B-7BDCCB9D801F",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D99F13-9297-4812-90AD-3EB43276D344",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F2E302-39C1-4674-A2BE-A6D1D761B4E2",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8FBED1-D729-4E07-A644-70D8FC87E965",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EF8A8D-8A5F-4E7B-A14A-BFEE3297E3B5",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA9F089-875B-4A90-A818-1BD06602D7E4",
              "versionEndExcluding": "4.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_rte_\\(for_beckhoff_cx\\)_sl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A18AA8-CDF4-4664-906F-76060AFED925",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_rte_\\(sl\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "725E570C-6F46-4526-90B5-F4CAF70A7688",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD993BD6-B52E-4BA7-A7D7-A0EBE7FDEDEF",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:control_win_\\(sl\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA9CDA8-4FA0-4258-B477-D2C8DBDD8B2F",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC41CB40-21CD-4621-9B23-9BF8E0AE93E3",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:hmi_\\(sl\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664BC1C-889F-4A54-8E81-AB60B0D4D93B",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49220E0D-3DD6-492B-BD58-C4951D7D2B75",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF04E45-90A5-47FB-8101-9A56BD4F9C3F",
              "versionEndExcluding": "3.5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
    }
  ],
  "id": "CVE-2022-47379",
  "lastModified": "2025-07-17T12:38:27.903",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-15T10:15:09.530",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

ghsa-3339-3jp2-pq45

Vulnerability from github

Published

2023-07-06 21:14

Modified

2024-04-04 05:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-47379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution.",
  "id": "GHSA-3339-3jp2-pq45",
  "modified": "2024-04-04T05:42:49Z",
  "published": "2023-07-06T21:14:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47379"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17554\u0026token=5444f53b4c90fe37043671a100dffa75305d1825\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-47379 (GCVE-0-2022-47379)

Vulnerability from cvelistv5

wid-sec-w-2023-2270

Vulnerability from csaf_certbund

gsd-2022-47379

Vulnerability from gsd

fkie_cve-2022-47379

Vulnerability from fkie_nvd

ghsa-3339-3jp2-pq45

Vulnerability from github

Tags

Sightings

Nomenclature