Skip to main content

Plcwinnt CVE-2022-32139

MEDIUM
Out-of-bounds Read (CWE-125)
2022-06-24 info@cert.vde.com
6.5
CVSS 3.1 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (cert) · only source for this CVE.

CVSS VectorVendor: cert

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 24, 2022 - 08:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.

AnalysisAI

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. Affected products include: Codesys Plcwinnt, Codesys Runtime Toolkit.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2021-34593 HIGH POC
7.5 Oct 26

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid reque

CVE-2022-31806 CRITICAL
9.8 Jun 24

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by defau

CVE-2022-32143 HIGH
8.8 Jun 24

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory

CVE-2022-32138 HIGH
8.8 Jun 24

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, result

CVE-2022-32137 HIGH
8.8 Jun 24

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer

CVE-2022-32142 HIGH
8.1 Jun 24

Multiple CODESYS Products are prone to a out-of bounds read or write access. Rated high severity (CVSS 8.1), this vulner

CVE-2022-1965 HIGH
8.1 Jun 24

Multiple products of CODESYS implement a improper error handling. Rated high severity (CVSS 8.1), this vulnerability is

CVE-2021-34595 HIGH
8.1 Oct 26

A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32

CVE-2022-31805 HIGH
7.5 Jun 24

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication

CVE-2021-30195 HIGH
7.5 May 25

CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2021-30186 HIGH
7.5 May 25

CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. Rated high severity (CVSS 7.5), this vuln

CVE-2022-32141 MEDIUM
6.5 Jun 24

Multiple CODESYS Products are prone to a buffer over read. Rated medium severity (CVSS 6.5), this vulnerability is remot

Share

CVE-2022-32139 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy