CVE-2022-22519— Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-22519
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Special HTTP(s) Requests can cause a buffer-read causing a crash of the webserver and the runtime system.
Source: NVD (National Vulnerability Database)
Vulnerability Description
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区上溢读取
Source: NVD (National Vulnerability Database)
Vulnerability Title
3S-Smart Software Solutions CODESYS Control 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
3s-smart Software Solutions CODESYS Control是德国3s-smart Software Solutions公司的一套工业控制程序编程软件。 3s-smart Software Solutions CODESYS Control 存在缓冲区错误漏洞,该漏洞源于经过身份验证的远程攻击者可以发送特定的精心制作的 HTTP 或 HTTPS 请求,导致缓冲区过度读取,从而导致 Web 服务器和 CODESYS Control 运行时系统崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-22519
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-22519
请登录查看更多情报信息。
Same Patch Batch · CODESYS · 2022-04-07 · 7 CVEs total
| CVE-2022-22515 | 8.1 HIGH | A component of the CODESYS Control runtime system allows read and write access to configur |
| CVE-2022-22516 | 7.8 HIGH | CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in rest |
| CVE-2022-22517 | 7.5 HIGH | Communication Components in multiple CODESYS products vulnerable to communication channel |
| CVE-2022-22514 | 7.1 HIGH | Untrusted Pointer Dereference in multiple CODESYS products can lead to a DoS. |
| CVE-2022-22518 | 6.5 MEDIUM | A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy. |
| CVE-2022-22513 | 6.5 MEDIUM | Null Pointer Dereference in multiple CODESYS products can lead to a DoS. |
IV. Related Vulnerabilities
Same product: CODESYS Control RTE (SL)
- CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-41660
CODESYS Control Boot Application Replacement Enables Code Ex - CVE-2025-41738
CODESYS Control - Invalid type usage in visualization - CVE-2022-47393
CODESYS: Multiple products prone to improperly restricted me - CVE-2022-47392
CODESYS: Multiple products prone to Improper Input Validatio
Same vendor: CODESYS
- CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-41660
CODESYS Control Boot Application Replacement Enables Code Ex - CVE-2026-2364
CODESYS Installer TOCTOU Privilege Escalation - CVE-2025-41700
CODESYS Development System - Deserialization of Untrusted Da
V. Comments for CVE-2022-22519
No comments yet