{"containers": {"cna": {"affected": [{"platforms": ["32 bit"], "product": "Runtime Toolkit", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"product": "PLCWinNT", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom"}]}], "datePublic": "2022-06-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T07:46:25.000Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download="}], "source": {"discovery": "UNKNOWN"}, "title": "CODESYS runtime system prone to denial of service due to buffer copy", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-06-16T07:31:00.000Z", "ID": "CVE-2022-32140", "STATE": "PUBLIC", "TITLE": "CODESYS runtime system prone to denial of service due to buffer copy"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Runtime Toolkit", "version": {"version_data": [{"platform": "32 bit", "version_affected": "<", "version_name": "V2", "version_value": "V2.4.7.57"}]}}, {"product_name": "PLCWinNT", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.4.7.57"}]}}]}, "vendor_name": "CODESYS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download="}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:55.985Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download="}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-32140", "datePublished": "2022-06-24T07:46:25.218Z", "dateReserved": "2022-05-31T00:00:00.000Z", "dateUpdated": "2024-09-16T19:35:27.161Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B26FF87-3FCD-496E-97C5-A1E4F6AACCB1", "versionEndExcluding": "2.4.7.57", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "CF74E74E-4EF8-4C84-A9A1-612AB7FC88BA", "versionEndExcluding": "2.4.7.57", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required."}, {"lang": "es", "value": "diversos productos de CODESYS est\u00e1n afectados por un desbordamiento de b\u00fafer. Un atacante remoto poco privilegiado puede dise\u00f1ar una petici\u00f3n, que puede causar una copia del b\u00fafer sin comprobar el tama\u00f1o del servicio, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. No es requerida una interacci\u00f3n del usuario"}], "id": "CVE-2022-32140", "lastModified": "2024-11-21T07:05:49.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2022-06-24T08:15:07.967", "references": [{"source": "info@cert.vde.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17139&token=ec67d15a433b61c77154166c20c78036540cacb0&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}

{}