Control Rte Sl
CVE-2022-22516
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
AnalysisAI
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Affected products include: Codesys Control Rte Sl, Codesys Control Rte Sl \(For Beckhoff Cx\), Codesys Control Win Sl, Codesys Development System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
More in Control Rte Sl
View allAn issue was discovered in 3S-Smart CODESYS V3 products. Rated high severity (CVSS 8.8), this vulnerability is no authen
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vuln
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized atta
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulti
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a v
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. Rated high severity
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network co
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network co
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote com
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network c
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today