CVE-2022-47392 MEDIUM

CVE-2022-47392: CODESYS: Multiple products prone to Improper Input Validation

Vendor Codesys
Product CODESYS Control RTE (SL)
Weakness CWE-20 · Input validation
Published May 15, 2023
Last update March 5, 2025
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

Key dates

02Disclosure timeline

May 15, 2023 CVE published
March 5, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-6444 ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability CVE-2021-26626 tobesoft XPLATFORM Arbitrary file execution Vulnerability CVE-2024-6239 Poppler: pdfinfo: crash in broken documents when using -dests parameter CVE-2021-36032 Magento Commerce Improper Input Validation Could Lead To Information Exposure and Privilege Escalation CVE-2023-52137 GitHub Action tj-actions/verify-changed-files is vulnerable to command injection in output filenames