github - ghsa-4555-4gmg-wpcm

ghsa-4555-4gmg-wpcm

Vulnerability from github

Published

2022-04-08 00:00

Modified

2022-04-16 00:01

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-07T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.",
  "id": "GHSA-4555-4gmg-wpcm",
  "modified": "2022-04-16T00:01:30Z",
  "published": "2022-04-08T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22513"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17093\u0026token=15cd8424832ea10dcd4873a409a09a539ee381ca\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-22513 (GCVE-0-2022-22513)

Vulnerability from cvelistv5

Published

2022-04-07 18:21

Modified

2024-09-17 04:29

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Summary

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

References

URL

Tags

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17093&token=15cd8424832ea10dcd4873a409a09a539ee381ca&download=

x_refsource_MISC

Impacted products

Vendor

Product

Version

CODESYS

CODESYS Control RTE (SL)

Version: V3.5.18.0 < V3.5.18.0

CODESYS	CODESYS Control RTE (for Beckhoff CX) SL	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Control Win (SL)	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Gateway	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Edge Gateway for Windows	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS HMI (SL)	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Development System V3	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Control Runtime System Toolkit	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Embedded Target Visu Toolkit	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Remote Target Visu Toolkit	Version: V3.5.18.0 < V3.5.18.0
CODESYS	CODESYS Control for BeagleBone SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for Beckhoff CX9020 SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for emPC-A/iMX6 SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for IOT2000 SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for Linux SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for PFC100 SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for PFC200 SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for PLCnext SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for Raspberry Pi SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Control for WAGO Touch Panels 600 SL	Version: V4.5.0.0 < V4.5.0.0
CODESYS	CODESYS Edge Gateway for Linux	Version: V4.5.0.0 < V4.5.0.0

Show details on NVD website