CVE-2022-4224High
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Share link
Anyone with the link can open this vulnerability.
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify sy…
CVSS
8.8
High
EPSS
0.01
p54
Published
2022-01-01
Updated
2022-01-01
Description
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
Tags · CWE
CWE-1188
CWE-1188BaseIncomplete
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
https://cwe.mitre.org/data/definitions/1188.html →Open in CWE collection →CAPEC-665
CAPEC-665DetailedStable
Exploitation of Thunderbolt Protection Flaws
https://capec.mitre.org/data/definitions/665.html →Open in CAPEC collection →
Affected products
Control_for_beaglebone_sl 3.0–4.8.0.0Control_for_empc-a\/imx6_sl 3.0–4.8.0.0Control_for_iot2000_sl 3.0–4.8.0.0Control_for_linux_sl 3.0–4.8.0.0Control_for_pfc100_sl 3.0–4.8.0.0Control_for_pfc200_sl 3.0–4.8.0.0Control_for_plcnext_sl 3.0–4.8.0.0Control_for_raspberry_pi_sl 3.0–4.8.0.0Control_for_wago_touch_panels_600_sl 3.0–4.8.0.0Control_rte_sl 3.0–3.5.19.0Control_rte_sl_\(for_beckhoff_cx\) 3.0–3.5.19.0Control_win_sl 3.0–3.5.19.0Development_system 3.0–3.5.19.0Hmi_sl 3.0–3.5.19.0Runtime_toolkit 3.0–3.5.19.0Safety_sil2 3.0–3.5.19.0
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.009 · p54
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-665 · CWE-1188
└ via CAPEC-665 · CWE-1188
└ via CAPEC-665 · CWE-1188
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| control_for_beaglebone_sl | * | Tracked |
| control_for_empc-a/imx6_sl | * | Tracked |
| control_for_iot2000_sl | * | Tracked |
| control_for_linux_sl | * | Tracked |
| control_for_pfc100_sl | * | Tracked |
| control_for_pfc200_sl | * | Tracked |
| control_for_plcnext_sl | * | Tracked |
| control_for_raspberry_pi_sl | * | Tracked |
| control_for_wago_touch_panels_600_sl | * | Tracked |
| control_rte_sl | * | Tracked |
| control_rte_sl_(for_beckhoff_cx) | * | Tracked |
| control_win_sl | * | Tracked |
| development_system | * | Tracked |
| hmi_sl | * | Tracked |
| runtime_toolkit | * | Tracked |
| safety_sil2 | * | Tracked |
Source databases
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Related vulnerabilities