Skip to main content

Control Rte Sl CVE-2022-22516

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2022-04-07 info@cert.vde.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 07, 2022 - 19:15 nvd
HIGH 7.8

DescriptionNVD

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

AnalysisAI

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Affected products include: Codesys Control Rte Sl, Codesys Control Rte Sl \(For Beckhoff Cx\), Codesys Control Win Sl, Codesys Development System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2019-9013 HIGH
8.8 Aug 15

An issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authen

CVE-2022-22515 HIGH
8.1 Apr 07

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vuln

CVE-2025-41738 HIGH
7.5 Dec 01

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a

CVE-2022-30792 HIGH
7.5 Jul 11

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized atta

CVE-2022-30791 HIGH
7.5 Jul 11

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker

CVE-2022-22519 HIGH
7.5 Apr 07

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulti

CVE-2022-22517 HIGH
7.5 Apr 07

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a v

CVE-2022-22514 HIGH
7.1 Apr 07

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. Rated high severity

CVE-2023-37559 MEDIUM
6.5 Aug 03

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network co

CVE-2023-37558 MEDIUM
6.5 Aug 03

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network co

CVE-2023-37557 MEDIUM
6.5 Aug 03

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote com

CVE-2023-37556 MEDIUM
6.5 Aug 03

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network c

Share

CVE-2022-22516 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy