CVE-2022-30791 HIGH

CVE-2022-30791: CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections

Vendor Codesys
Product CODESYS Control RTE (SL)
Weakness CWE-400
Published July 11, 2022
Last update September 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.

Key dates

02Disclosure timeline

July 11, 2022 CVE published
September 16, 2024 Record updated