PT-2022-21116 · 3S Smart Software Solutions · Codesys

Rigoblock · Published 2022-06-24 · Updated 2022-07-01 · CVE-2022-32143

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CODESYS products (affected versions not specified)

Description: The issue allows access to internal files in the working directory, such as firmware files of the PLC, through the file download and upload function. This is possible if no level 1 password is configured on the controller or if a remote attacker has previously authenticated successfully to the controller. A successful attack may lead to a denial of service, modification of local files, or disclosure of confidential information. User interaction is not required.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2022-32143

Affected Products

Codesys