CVE-2022-22517

Communication Components in multiple CODESYS products vulnerable to communication channel disruption

CVSS 7.5 HIGH | EPSS 1.3% | CWE-334
In short

An attacker can disrupt communication between CODESYS products by guessing a channel ID and sending fake packets, forcing the connection to close. This breaks legitimate industrial control processes.

Technical detail

An unauthenticated remote attacker can disrupt CODESYS inter-product communication channels through packet injection by enumerating or guessing valid channel identifiers (CWE-334: Use of Insufficiently Random Values). The lack of authentication or strong channel validation allows an attacker to inject malicious packets that trigger closure of active communication channels, impacting availability.

Summary generated and translated by AI from the official description.

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
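
A defender-side sketch of the channel validation whose absence the technical detail above describes, added here as an example and not CODESYS code or its wire format: channel IDs are drawn from a CSPRNG, a close request is honoured only from the peer that opened the channel, and rejected requests are counted per source for alerting. The `ChannelTable` class, its methods, `guess_probability`, the peer addresses and the alert threshold are all assumptions made for illustration.

```python
import secrets
from collections import Counter

def guess_probability(id_bits, attempts):
    """Chance that `attempts` distinct guesses hit one given channel ID."""
    return min(1.0, attempts / 2 ** id_bits)

class ChannelTable:
    """Hypothetical channel registry (assumption; not CODESYS code or protocol)."""

    def __init__(self, id_bytes=16, alert_after=5):
        self.id_bytes = id_bytes
        self.alert_after = alert_after
        self.channels = {}        # channel ID -> peer that opened the channel
        self.misses = Counter()   # peer -> number of rejected close requests

    def open(self, peer):
        # IDs come from the OS CSPRNG; 16 bytes gives a 2**128 space.
        cid = secrets.token_bytes(self.id_bytes)
        self.channels[cid] = peer
        return cid

    def close(self, peer, cid):
        # Honour a close only for a known ID presented by the owning peer.
        # Address binding is an assumption; where source addresses can be
        # spoofed, the check has to rest on an authenticated session instead.
        if self.channels.get(cid) != peer:
            self.misses[peer] += 1
            return False
        del self.channels[cid]
        return True

    def suspects(self):
        # Sources with enough rejected requests to be worth an alert.
        return sorted(p for p, n in self.misses.items() if n >= self.alert_after)

def demo():
    # Constructed sample traffic; addresses are placeholders.
    table = ChannelTable()
    cid = table.open("10.0.0.5")
    unknown = [table.close("10.0.0.99", secrets.token_bytes(16)) for _ in range(6)]
    wrong_peer = table.close("10.0.0.99", cid)   # valid ID, wrong source
    legit = table.close("10.0.0.5", cid)         # owner closes its own channel
    return unknown, wrong_peer, legit, table.suspects()

if __name__ == "__main__":
    print(demo())
    print(guess_probability(16, 1000), guess_probability(128, 10 ** 9))
```

The `guess_probability` helper shows why the size of the ID space matters for CWE-334: the same number of guesses that has a measurable chance against a 16-bit ID is negligible against a 128-bit one.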
