CVE-2022-4224 HIGH

CVE-2022-4224: CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3

Vendor Codesys
Product Control RTE (SL)
Weakness CWE-1188
Published March 23, 2023
Last update May 29, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

Key dates

02Disclosure timeline

March 23, 2023 CVE published
May 29, 2026 Record updated