Published Date: January 25, 2024
Last updated: January 25, 2024
Revision Number: 1.0
CVSS Score: 8.8
AFFECTED PRODUCTS AND SOLUTION
Affected Product (automated) |
First Known in Software Revision |
Corrected in Software Revision |
LP30 Operator Panel |
Codesys versions before V3.5.19.0 |
|
LP40 Operator Panel |
Codesys versions before V3.5.19.0 |
|
BM40 Operator Panel |
Codesys versions before V3.5.19.0 |
|
LP50 Operator Panel |
Codesys versions before V3.5.19.0 |
VULNERABILITY DETAILS
The CODESYS Control runtime system is utilized in the affected ASEM™ (A Rockwell Automation Company) products and enables embedded or PC-based devices to be programmable industrial controllers. Such products contain communication servers for the CODESYS protocol to enable communication with clients like the CODESYS Development System.
These products have the following vulnerabilities:
CVE-2022-47378 IMPACT
CVSS Base Score: 6.5/10 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1288: Improper Validation of Consistency within Input
After successful authentication, specifically crafted communication requests with inconsistent content can cause the CmpFiletransfer component to read internally from an invalid address, potentially leading to a denial-of-service condition.
CVE-2022-47379 IMPACT
CVSS Base Score: 8.8/10 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787: Out-of-bounds Write
After successful authentication, specifically crafted communication requests can cause the CmpApp component to write threat actor-controlled data to memory, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47380, CVE-2022-47381 IMPACT
CVSS Base Score: 8.8/10 (High)
CWE-121: Stack-based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
After successful authentication, specifically crafted communication requests can cause the CmpApp component to write threat actor-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390 IMPACT
CVSS Base Score: 8.8/10 (High)
CWE-121: Stack-based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
After successful authentication, specifically crafted communication requests can cause the CmpTraceMgr
component to write threat actor-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47385 IMPACT
CVSS Base Score: 8.8/10 (High)
CWE-121: Stack-based Buffer Overflow
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
After successful authentication, specifically crafted communication requests can cause the CmpAppForce
component to write threat actor-controlled data to stack, which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVE-2022-47392 IMPACT
CVSS Base Score: 6.5/10 (Medium)
CWE-1288: Improper Validation of Consistency within Input
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
After successful authentication, specifically crafted communication requests with inconsistent content can cause the CmpApp/CmpAppBP/CmpAppForce components to read internally from an invalid address, potentially leading to a denial-of-service condition.
CVE-2022-47393 IMPACT
CVSS Base Score: 6.5/10 (Medium)
CWE-822: Untrusted Pointer Dereference
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
After successful authentication, specifically crafted communication requests can cause the cmpFiletransfer component to dereference addresses provided by the request for internal read access, which can lead to a denial-of-service situation.
Mitigations and Workarounds
Customers using the affected software are encouraged to apply the risk mitigations, if possible.
- Upgrade to CODESYS version 3.5.19.2 which has been released to mitigate these issues.
- Additionally, we encourage the customer to implement our suggested security best practices to minimize risk of the vulnerability.
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
ADDITIONAL RESOURCES