var-202207-0363
Vulnerability from variot

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0363",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "control for empc-a\\/imx6",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "control for iot2000 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.6.0.0"
      },
      {
        "model": "control for wago touch panels 600",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "control for pfc200 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "control for beaglebone",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "control rte sl \\",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control for linux sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "remote target visu toolkit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control for raspberry pi sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "edge gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "development system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control rte sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "edge gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "control for pfc100 sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.5.0.0"
      },
      {
        "model": "embedded target visu toolkit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control runtime system toolkit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control for plcnext",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "4.6.0.0"
      },
      {
        "model": "hmi",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control win",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.20"
      },
      {
        "model": "control for iot2000 sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "embedded target visu toolkit",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for beaglebone",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for linux sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for pfc100 sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control win",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control rte v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control rte sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for wago touch panels 600",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for empc-a/imx6",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "edge gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "remote target visu toolkit",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control runtime system toolkit",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "hmi",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for plcnext",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "development system",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for pfc200 sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      },
      {
        "model": "control for raspberry pi sl",
        "scope": null,
        "trust": 0.8,
        "vendor": "codesys",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "cve": "CVE-2022-30792",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-30792",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-422576",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-30792",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-012664",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-30792",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "info@cert.vde.com",
            "id": "CVE-2022-30792",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-30792",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-791",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-422576",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-30792",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. control for beaglebone , control for empc-a/imx6 , CODESYS Control for IOT2000 SL etc. multiple CODESYS GmbH The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30792"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-30792",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-422576",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30792",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "id": "VAR-202207-0363",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T15:00:54.926000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "3S-Smart Software Solutions CODESYS Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200895"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17128\u0026token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026download="
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30792"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-30792/"
      },
      {
        "trust": 0.1,
        "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17128\u0026amp;token=bee4d8a57f19be289d623ec90135493b5f9179e3\u0026amp;download="
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-30792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "date": "2022-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-30792"
      },
      {
        "date": "2023-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "date": "2022-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      },
      {
        "date": "2022-07-11T11:15:08.240000",
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-422576"
      },
      {
        "date": "2022-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-30792"
      },
      {
        "date": "2023-08-31T08:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      },
      {
        "date": "2022-07-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      },
      {
        "date": "2022-09-23T16:25:41.847000",
        "db": "NVD",
        "id": "CVE-2022-30792"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0CODESYS\u00a0GmbH\u00a0 Product resource exhaustion vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-012664"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-791"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.