CVE-2022-32139

{"id": "CVE-2022-32139", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-06-24T08:15:07.900", "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=", "tags": ["Mitigation", "Vendor Advisory"], "source": "info@cert.vde.com"}, {"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required."}, {"lang": "es", "value": "En diversos productos de CODESYS, un atacante remoto poco privilegiado puede dise\u00f1ar una petici\u00f3n que cause una lectura fuera de los l\u00edmites, resultando en una situaci\u00f3n de denegaci\u00f3n de servicio. No es requerida una interacci\u00f3n del usuario"}], "lastModified": "2024-11-21T07:05:49.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B26FF87-3FCD-496E-97C5-A1E4F6AACCB1", "versionEndExcluding": "2.4.7.57", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "CF74E74E-4EF8-4C84-A9A1-612AB7FC88BA", "versionEndExcluding": "2.4.7.57", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}