PT-2022-5972 · 3S Smart Software Solutions · Codesys Development System V3

Abdelrahman Hassanien +2

Published: 2022-11-29 · Updated: 2023-05-24 · CVE-2022-4048

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:C/A:N
Name of the Vulnerable Software and Affected Versions

CODESYS Development System V3 versions prior to V3.5.18.40

Description

The issue is related to inadequate encryption strength, allowing an unauthenticated local attacker to access and manipulate the code of the encrypted boot application. It is also associated with the use of defective cryptographic algorithms, which can be exploited by a remote attacker to decrypt and modify the uploaded code by guessing session keys.

Recommendations

For CODESYS Development System V3 versions prior to V3.5.18.40, update to version V3.5.18.40 or later to resolve the issue. As a temporary workaround, consider restricting access to the encrypted boot application until a patch is available. Additionally, avoid using the defective cryptographic algorithms in the development environment to minimize the risk of exploitation.

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm
Inadequate Encryption Strength

Related Identifiers

BDU:2022-07400
CVE-2022-4048

Affected Products

Codesys Development System V3