An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HCodesys Control For Beaglebone Sl
APPCodesys< 4.5.0.0Codesys Control For Beckhoff Cx9020
APPCodesys< 4.5.0.0Codesys Control For Empc A\/imx6 Sl
APPCodesys< 4.5.0.0Codesys Control For Iot2000 Sl
APPCodesys< 4.5.0.0Codesys Control For Linux Sl
APPCodesys< 4.5.0.0Codesys Control For Pfc100 Sl
APPCodesys< 4.5.0.0Codesys Control For Pfc200 Sl
APPCodesys< 4.5.0.0Codesys Control For Plcnext Sl
APPCodesys< 4.5.0.0Codesys Control For Raspberry Pi Sl
APPCodesys< 4.5.0.0Codesys Control For Wago Touch Panels 600 Sl
APPCodesys< 4.5.0.0Codesys Control Rte Sl
APPCodesys< 3.5.18.0Codesys Control Rte Sl \(for Beckhoff Cx\)
APPCodesys< 3.5.18.0Codesys Control Runtime System Toolkit
APPCodesys< 3.5.18.0Codesys Control Win Sl
APPCodesys< 3.5.18.0Codesys Development System
APPCodesys3.0 – 3.5.18.0 (bez)Codesys Edge Gateway
APPCodesys< 3.5.18.0< 4.5.0.0Codesys Embedded Target Visu Toolkit
APPCodesys< 3.5.18.0Codesys Gateway
APPCodesys< 3.5.18.0Codesys Hmi Sl
APPCodesys< 3.5.18.0Codesys Remote Target Visu Toolkit
APPCodesys< 3.5.18.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2022-31802CRITICAL9.8ten sam produkt
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been...
CVE-2021-33485CRITICAL9.8ten sam produkt
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVE-2020-10245CRITICAL9.8ten sam produkt
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
CVE-2019-18858CRITICAL9.8ten sam produkt
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overf...
CVE-2019-13548CRITICAL9.8ten sam produkt
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or h...