CVE-2022-30791
CODESYS V3: CmpBlkDrvTcp allows unauthenticated attackers to block all its available TCP connections
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.8%KEV nãoPoC —Patch —
Lifecycle
11 Jul 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
CODESYS · CODESYS Control for BeagleBone SLCODESYS · CODESYS Control for Beckhoff CX9020 SLCODESYS · CODESYS Control for emPC-A/iMX6 SLCODESYS · CODESYS Control for IOT2000 SLCODESYS · CODESYS Control for Linux SLCODESYS · CODESYS Control for PFC100 SLCODESYS · CODESYS Control for PFC200 SLCODESYS · CODESYS Control for PLCnext SLCODESYS · CODESYS Control for Raspberry Pi SLCODESYS · CODESYS Control for WAGO Touch Panels 600 SLCODESYS · CODESYS Control RTE (for Beckhoff CX) SLCODESYS · CODESYS Control RTE (SL)CODESYS · CODESYS Control Runtime System ToolkitCODESYS · CODESYS Control Win (SL)CODESYS · CODESYS Development System V3CODESYS · CODESYS Edge Gateway for LinuxCODESYS · CODESYS Edge Gateway for WindowsCODESYS · CODESYS Embedded Target Visu ToolkitCODESYS · CODESYS GatewayCODESYS · CODESYS HMI (SL)CODESYS · CODESYS Remote Target Visu ToolkitWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →