CVE-2022-30792 HIGH

CVE-2022-30792: CODESYS: CmpChannelServer, CmpChannelServerEmbedded allow unauthenticated attackers to block all their available communication channels

Vendor Codesys
Product CODESYS Control RTE (SL)
Weakness CWE-400
Published July 11, 2022
Last update September 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

Key dates

02Disclosure timeline

July 11, 2022 CVE published
September 16, 2024 Record updated