Vulnerability in Codesys Plcwinnt

CVE-2022-32143

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured…

EPSS: 0.011 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-32143?
CVE-2022-32143 is a high-severity vulnerability in Codesys Plcwinnt, classified under Files or Directories Accessible to External Parties. CVSS score: 8.8/10. Published 2022-06-24.
How severe is CVE-2022-32143?
High severity. CVSS v3 base score is 8.8 out of 10.