CVE-2022-32140
Vulnerability from cvelistv5
Published
2022-06-24 07:46
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
CODESYS runtime system prone to denial of service due to buffer copy
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | CODESYS | Runtime Toolkit |
Version: V2 < V2.4.7.57 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:55.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "32 bit" ], "product": "Runtime Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom" } ] }, { "product": "PLCWinNT", "vendor": "CODESYS", "versions": [ { "lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom" } ] } ], "datePublic": "2022-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-24T07:46:25", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=" } ], "source": { "discovery": "UNKNOWN" }, "title": "CODESYS runtime system prone to denial of service due to buffer copy", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-06-16T07:31:00.000Z", "ID": "CVE-2022-32140", "STATE": "PUBLIC", "TITLE": "CODESYS runtime system prone to denial of service due to buffer copy" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Runtime Toolkit", "version": { "version_data": [ { "platform": "32 bit", "version_affected": "\u003c", "version_name": "V2", "version_value": "V2.4.7.57" } ] } }, { "product_name": "PLCWinNT", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "V2", "version_value": "V2.4.7.57" } ] } } ] }, "vendor_name": "CODESYS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-120 Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-32140", "datePublished": "2022-06-24T07:46:25.218250Z", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-09-16T19:35:27.161Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-32140\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-06-24T08:15:07.967\",\"lastModified\":\"2024-11-21T07:05:49.693\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.\"},{\"lang\":\"es\",\"value\":\"diversos productos de CODESYS est\u00e1n afectados por un desbordamiento de b\u00fafer. Un atacante remoto poco privilegiado puede dise\u00f1ar una petici\u00f3n, que puede causar una copia del b\u00fafer sin comprobar el tama\u00f1o del servicio, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. No es requerida una interacci\u00f3n del usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.4.7.57\",\"matchCriteriaId\":\"2B26FF87-3FCD-496E-97C5-A1E4F6AACCB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.4.7.57\",\"matchCriteriaId\":\"CF74E74E-4EF8-4C84-A9A1-612AB7FC88BA\"}]}]}],\"references\":[{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17139\u0026token=ec67d15a433b61c77154166c20c78036540cacb0\u0026download=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.