CVE-2022-47387

Name of the Vulnerable Software and Affected Versions CODESYS products (affected versions not specified) Schneider Electric (affected versions not specified)

Description The issue is related to a stack-based out-of-bounds write vulnerability in the CmpTraceMgr component. This vulnerability can be exploited by an authenticated remote attacker to write data into the stack, potentially leading to a denial-of-service condition, memory overwriting, or remote code execution.

Recommendations For CODESYS products, consider restricting access to the CmpTraceMgr component until a patch is available. For Schneider Electric, avoid using the vulnerable CmpTraceMgr component in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.