Vulnerability in Codesys Plcwinnt
CVE-2022-32143
In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured…
EPSS: 0.011 (61.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Codesys Plcwinnt — versions V2
- Codesys Runtime Toolkit — versions V2
- Codesys Runtime_toolkit
Weakness classification (CWE)
References
- info@cert.vde.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-32143?
- CVE-2022-32143 is a high-severity vulnerability in Codesys Plcwinnt, classified under Files or Directories Accessible to External Parties. CVSS score: 8.8/10. Published 2022-06-24.
- How severe is CVE-2022-32143?
- High severity. CVSS v3 base score is 8.8 out of 10.