Published: 15/05/2023 Updated: 24/05/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
codesys hmi \\(sl\\)
codesys control win \\(sl\\)
codesys control runtime system toolkit
codesys control rte \\(sl\\)
codesys control rte \\(for beckhoff cx\\) sl
codesys control for wago touch panels 600 sl
codesys control for raspberry pi sl
codesys control for plcnext sl
codesys control for pfc200 sl
codesys control for pfc100 sl
codesys control for linux sl
codesys control for iot2000 sl
codesys control for empc-a\\/imx6 sl
codesys control for beaglebone sl

Microsoft: Codesys PLC bugs could be exploited to 'shut down power plants'

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources What are these gadgets running, Windows? Ka-boom-tsch

Fifteen bugs in Codesys' industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed. In a report and more published on GitHub, Microsoft threat intel specialist Vladimir Tokarev says the Windows giant – no stranger to security holes, cough – disclosed details of vulnerabilities in the Codesys V3 SDK to the Germany-based vendor in September 2022. Codesys has since patched the bugs. The S...

CVE-2022-47391

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect