CVE-2022-4048— 3s-smart Software Solutions CODESYS Development System 加密问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-4048の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
CODESYS V3 prone to Inadequate Encryption Stregth
ソース: NVD (National Vulnerability Database)
脆弱性説明
Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
不充分的加密强度
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
3s-smart Software Solutions CODESYS Development System 加密问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
3s-smart Software Solutions CODESYS Development System是德国德国3S智能软件系统方案有限公司(3s-smart Software Solutions)公司的一套用于工业控制器和自动化技术领域的编程工具。 3s-smart Software Solutions CODESYS Development System 存在加密问题漏洞,该漏洞源于加密强度不足,未经身份验证的本地攻击者利用该漏洞可以访问和操纵加密启动应用程序的代码。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| CODESYS | CODESYS Development System V3 | V0.0.0.0 ~ V3.5.18.40 | - |
II. CVE-2022-4048の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-4048のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · CODESYS · 2023-05-15 · 17 CVEs total
| CVE-2022-47390 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47389 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47388 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47387 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47386 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47385 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47384 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47383 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47382 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47381 | 8.8 HIGH | CODESYS: Multiple products prone to stack based out-of-bounds write |
| CVE-2022-47380 | 8.8 HIGH | CODESYS: Multiple products prone to out-of-bounds write |
| CVE-2022-47379 | 8.8 HIGH | CODESYS: Multiple products prone to out-of-bounds write |
| CVE-2022-47391 | 7.5 HIGH | CODESYS: Multiple products prone to Improper Input Validation |
| CVE-2022-47393 | 6.5 MEDIUM | CODESYS: Multiple products prone to improperly restricted memory operations |
| CVE-2022-47392 | 6.5 MEDIUM | CODESYS: Multiple products prone to Improper Input Validation |
| CVE-2022-47378 | 6.5 MEDIUM | CODESYS: Multiple products prone to Improper Input Validation |
IV. 関連脆弱性
同じベンダー: CODESYS
- CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-41660
CODESYS Control Boot Application Replacement Enables Code Ex - CVE-2026-2364
CODESYS Installer TOCTOU Privilege Escalation - CVE-2025-41700
CODESYS Development System - Deserialization of Untrusted Da
同じ弱点: CWE-326
- CVE-2018-25272
ELBA5 5.8.0 Remote Code Execution via Database Access - CVE-2025-1241
Encryption vulnerable to brute-force decryption in GoAnywher - CVE-2026-5363
Use of weak cryptographic key in TP-Link Archer C7 - CVE-2026-39349
OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables - CVE-2026-33488
AVideo has a PGP 2FA Bypass via Cryptographically Broken 512
V. CVE-2022-4048へのコメント
まだコメントはありません