CVE-2022-30792 - Vulnerability Details

Vendors	Products
Codesys	Control For Beaglebone Control For Empc-a\/imx6 Control For Iot2000 Sl Control For Linux Sl Control For Pfc100 Sl Control For Pfc200 Sl Control For Plcnext Control For Raspberry Pi Sl Control For Wago Touch Panels 600 Control Rte Sl Control Rte Sl \(for Beckhoff Cx\) Control Runtime System Toolkit Control Win Development System Edge Gateway Embedded Target Visu Toolkit Gateway Hmi Remote Target Visu Toolkit

Link	Providers
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00181}`	epss `{'score': 0.00213}`

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Gateway", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Edge Gateway for Windows", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Development System V3", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.10", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Embedded Target Visu Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Remote Target Visu Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for Beckhoff CX9020 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"product": "CODESYS Edge Gateway for Linux", "vendor": "CODESYS", "versions": [{"lessThan": "V4.5.0.0", "status": "affected", "version": "V3", "versionType": "custom"}]}], "datePublic": "2022-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-11T10:40:43", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download="}], "source": {"defect": ["CERT@VDE#", "64130"], "discovery": "UNKNOWN"}, "title": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-07-08T06:00:00.000Z", "ID": "CVE-2022-30792", "STATE": "PUBLIC", "TITLE": "CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS Control RTE (SL)", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Control RTE (for Beckhoff CX) SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Control Win (SL)", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Gateway", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Edge Gateway for Windows", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS HMI (SL)", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Development System V3", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.10"}]}}, {"product_name": "CODESYS Control Runtime System Toolkit", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Embedded Target Visu Toolkit", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Remote Target Visu Toolkit", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Control for BeagleBone SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for Beckhoff CX9020 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for emPC-A/iMX6 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for IOT2000 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for Linux SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for PFC100 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for PFC200 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for PLCnext SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for Raspberry Pi SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Control for WAGO Touch Panels 600 SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}, {"product_name": "CODESYS Edge Gateway for Linux", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V4.5.0.0"}]}}]}, "vendor_name": "CODESYS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download="}]}, "source": {"defect": ["CERT@VDE#", "64130"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:38.599Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download="}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-30792", "datePublished": "2022-07-11T10:40:43.935648Z", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-09-16T23:05:31.037Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : CODESYS Control RTE (SL) (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

1 : { »

product : CODESYS Control RTE (for Beckhoff CX) SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

2 : { »

product : CODESYS Control Win (SL) (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

3 : { »

product : CODESYS Gateway (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

4 : { »

product : CODESYS Edge Gateway for Windows (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

5 : { »

product : CODESYS HMI (SL) (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

6 : { »

product : CODESYS Development System V3 (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.10 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

7 : { »

product : CODESYS Control Runtime System Toolkit (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

8 : { »

product : CODESYS Embedded Target Visu Toolkit (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

9 : { »

product : CODESYS Remote Target Visu Toolkit (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.20 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

10 : { »

product : CODESYS Control for BeagleBone SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

11 : { »

product : CODESYS Control for Beckhoff CX9020 SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

12 : { »

product : CODESYS Control for emPC-A/iMX6 SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

13 : { »

product : CODESYS Control for IOT2000 SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

14 : { »

product : CODESYS Control for Linux SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

15 : { »

product : CODESYS Control for PFC100 SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

16 : { »

product : CODESYS Control for PFC200 SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

17 : { »

product : CODESYS Control for PLCnext SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

18 : { »

product : CODESYS Control for Raspberry Pi SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

19 : { »

product : CODESYS Control for WAGO Touch Panels 600 SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

20 : { »

product : CODESYS Edge Gateway for Linux (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V4.5.0.0 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2022-07-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-400 (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-07-11T10:40:43 (string)

orgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

shortName : CERTVDE (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= (string)

}

]

source : { »

defect : [ »

0 : CERT@VDE# (string)

1 : 64130 (string)

]

discovery : UNKNOWN (string)

}

title : CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : info@cert.vde.com (string)

DATE_PUBLIC : 2022-07-08T06:00:00.000Z (string)

ID : CVE-2022-30792 (string)

STATE : PUBLIC (string)

TITLE : CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : CODESYS Control RTE (SL) (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

1 : { »

product_name : CODESYS Control RTE (for Beckhoff CX) SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

2 : { »

product_name : CODESYS Control Win (SL) (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

3 : { »

product_name : CODESYS Gateway (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

4 : { »

product_name : CODESYS Edge Gateway for Windows (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

5 : { »

product_name : CODESYS HMI (SL) (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

6 : { »

product_name : CODESYS Development System V3 (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.10 (string)

}

]

}

7 : { »

product_name : CODESYS Control Runtime System Toolkit (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

8 : { »

product_name : CODESYS Embedded Target Visu Toolkit (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

9 : { »

product_name : CODESYS Remote Target Visu Toolkit (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

10 : { »

product_name : CODESYS Control for BeagleBone SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

11 : { »

product_name : CODESYS Control for Beckhoff CX9020 SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

12 : { »

product_name : CODESYS Control for emPC-A/iMX6 SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

13 : { »

product_name : CODESYS Control for IOT2000 SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

14 : { »

product_name : CODESYS Control for Linux SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

15 : { »

product_name : CODESYS Control for PFC100 SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

16 : { »

product_name : CODESYS Control for PFC200 SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

17 : { »

product_name : CODESYS Control for PLCnext SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

18 : { »

product_name : CODESYS Control for Raspberry Pi SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

19 : { »

product_name : CODESYS Control for WAGO Touch Panels 600 SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

20 : { »

product_name : CODESYS Edge Gateway for Linux (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V4.5.0.0 (string)

}

]

}

]

}

vendor_name : CODESYS (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-400 Uncontrolled Resource Consumption (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= (string)

refsource : CONFIRM (string)

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= (string)

}

]

}

source : { »

defect : [ »

0 : CERT@VDE# (string)

1 : 64130 (string)

]

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T07:03:38.599Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

assignerShortName : CERTVDE (string)

cveId : CVE-2022-30792 (string)

datePublished : 2022-07-11T10:40:43.935648Z (string)

dateReserved : 2022-05-16T00:00:00 (string)

dateUpdated : 2024-09-16T23:05:31.037Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5D6E827-7AD1-4248-82E6-C879771A2FBA", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07464D3-D8E5-45CC-8703-B445A866F015", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1474A7-A282-4929-A9E4-721322DCAE15", "versionEndExcluding": "4.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB585AB5-D0AC-46DC-9723-A0FEFBFB015C", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A78E493B-6D9E-4196-830C-24BCF25D3D44", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD0BCA34-FE68-4933-B189-746D2DA3E062", "versionEndExcluding": "4.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D5DE9D1-C334-452C-A64B-D74A48017B6D", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:*", "matchCriteriaId": "966AEA54-4939-4C84-8D8B-7C70D361555B", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A33E4442-F316-439F-83BD-047A34EF6E14", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_rte_sl_\\(for_beckhoff_cx\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "8AC245C1-F19D-417A-801E-D08B0ED81651", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1A0B9C6-534C-4D2C-BC62-620786CE748F", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:*", "matchCriteriaId": "22F16730-93D3-41D4-B5D0-F507BC2D5A03", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "05792C1C-C4BB-4084-96A3-69544076F944", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6C919501-6AFE-4D4C-84EF-C6AF30EBB769", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*", "matchCriteriaId": "E36291AE-21CB-4ECB-8816-D50712C70E30", "versionEndExcluding": "4.5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B19D43-1A55-45E5-9C0A-00E9487B4282", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "73C1F863-AAC0-446A-98E1-436916DA66B9", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*", "matchCriteriaId": "C26E9A35-AEB3-4856-8410-989D422A6D95", "versionEndExcluding": "3.5.18.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CA4951-7DD0-4477-8C36-EC07191CAC8F", "versionEndExcluding": "3.5.18.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected."}, {"lang": "es", "value": "En CmpChannelServer de CODESYS versi\u00f3n V3 en m\u00faltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicaci\u00f3n. Las conexiones existentes no est\u00e1n afectadas"}], "id": "CVE-2022-30792", "lastModified": "2024-11-21T07:03:23.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-07-11T11:15:08.240", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:codesys:control_for_beaglebone:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B5D6E827-7AD1-4248-82E6-C879771A2FBA (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:codesys:control_for_empc-a\/imx6:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E07464D3-D8E5-45CC-8703-B445A866F015 (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AD1474A7-A282-4929-A9E4-721322DCAE15 (string)

versionEndExcluding : 4.6.0.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AB585AB5-D0AC-46DC-9723-A0FEFBFB015C (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4F6E2A1D-0187-4C71-A87D-48B3EC3D99DD (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A78E493B-6D9E-4196-830C-24BCF25D3D44 (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:codesys:control_for_plcnext:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BD0BCA34-FE68-4933-B189-746D2DA3E062 (string)

versionEndExcluding : 4.6.0.0 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D5DE9D1-C334-452C-A64B-D74A48017B6D (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:codesys:control_for_wago_touch_panels_600:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 966AEA54-4939-4C84-8D8B-7C70D361555B (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:codesys:control_rte_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A33E4442-F316-439F-83BD-047A34EF6E14 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:codesys:control_rte_sl_\(for_beckhoff_cx\):*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8AC245C1-F19D-417A-801E-D08B0ED81651 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F1A0B9C6-534C-4D2C-BC62-620786CE748F (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:codesys:control_win:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 22F16730-93D3-41D4-B5D0-F507BC2D5A03 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 05792C1C-C4BB-4084-96A3-69544076F944 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 6C919501-6AFE-4D4C-84EF-C6AF30EBB769 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:* (string)

matchCriteriaId : E36291AE-21CB-4ECB-8816-D50712C70E30 (string)

versionEndExcluding : 4.5.0.0 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 26B19D43-1A55-45E5-9C0A-00E9487B4282 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 73C1F863-AAC0-446A-98E1-436916DA66B9 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C26E9A35-AEB3-4856-8410-989D422A6D95 (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 26CA4951-7DD0-4477-8C36-EC07191CAC8F (string)

versionEndExcluding : 3.5.18.20 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. (string)

}

1 : { »

lang : es (string)

value : En CmpChannelServer de CODESYS versión V3 en múltiples versiones un consumo no controlado de recursos permite a un atacante no autorizado bloquear nuevas conexiones de canales de comunicación. Las conexiones existentes no están afectadas (string)

}

]

id : CVE-2022-30792 (string)

lastModified : 2024-11-21T07:03:23.950 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : info@cert.vde.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Secondary (string)

}

]

}

published : 2022-07-11T11:15:08.240 (string)

references : [ »

0 : { »

source : info@cert.vde.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17128&token=bee4d8a57f19be289d623ec90135493b5f9179e3&download= (string)

}

]

sourceIdentifier : info@cert.vde.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : info@cert.vde.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object