CVE-2022-4224— CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-4224
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
Source: NVD (National Vulnerability Database)
Vulnerability Description
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的默认资源初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
3s-smart Software Solutions CODESYS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
3s-smart Software Solutions CODESYS是德国德国3S智能软件系统方案有限公司(3s-smart Software Solutions)公司的一套控制器开发系统 3s-smart Software Solutions CODESYS v3版本存在安全漏洞,该漏洞源于允许远程低权限用户读取和修改系统文件和操作系统资源或 DoS 设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CODESYS | Control RTE (SL) | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Control RTE (for Beckhoff CX) SL | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Control Win (SL) | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Runtime Toolkit | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Safety SIL2 Runtime Toolkit | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Safety SIL2 PSP | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | HMI (SL) | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Development System V3 | 3.0.0.0 ~ 3.5.19.0 | - | |
| CODESYS | Control for BeagleBone SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for emPC-A/iMX6 SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for IOT2000 SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for Linux SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for PFC100 SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for PFC200 SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for PLCnext SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for Raspberry Pi SL | 3.0.0.0 ~ 4.8.0.0 | - | |
| CODESYS | Control for WAGO Touch Panels 600 SL | 3.0.0.0 ~ 4.8.0.0 | - |
II. Public POCs for CVE-2022-4224
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-4224
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: CODESYS
- CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2025-41660
CODESYS Control Boot Application Replacement Enables Code Ex - CVE-2026-2364
CODESYS Installer TOCTOU Privilege Escalation - CVE-2025-41700
CODESYS Development System - Deserialization of Untrusted Da
Same weakness: CWE-1188
- CVE-2026-44109
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webho - CVE-2026-43581
OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via - CVE-2026-41931
Vvveb < 1.0.8.2 Information Disclosure via Debug Exception H - CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root - CVE-2026-39920
BridgeHead FileStore < 24A Apache Axis2 Default Credentials
V. Comments for CVE-2022-4224
No comments yet