CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_empc-a\/imx6_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_plcnext_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_\(for_beckhoff_cx\)_sl:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_rte_\(sl\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:control_win_\(sl\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:development_system_v3:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:hmi_\(sl\):*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2_psp:*:*:*:*:*:*:*:*
cpe:2.3:a:codesys:safety_sil2_runtime_toolkit:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-05-15 10:15

Updated : 2024-02-28 20:13


NVD link : CVE-2022-47385

Mitre link : CVE-2022-47385

CVE.ORG link : CVE-2022-47385


JSON object : View

Products Affected

codesys

  • control_rte_\(for_beckhoff_cx\)_sl
  • control_for_beaglebone_sl
  • control_for_pfc200_sl
  • control_for_plcnext_sl
  • control_rte_\(sl\)
  • control_for_wago_touch_panels_600_sl
  • control_runtime_system_toolkit
  • control_win_\(sl\)
  • hmi_\(sl\)
  • safety_sil2_runtime_toolkit
  • control_for_iot2000_sl
  • control_for_pfc100_sl
  • development_system_v3
  • safety_sil2_psp
  • control_for_raspberry_pi_sl
  • control_for_linux_sl
  • control_for_empc-a\/imx6_sl
CWE
CWE-787

Out-of-bounds Write