CVE-2022-47385

Name of the Vulnerable Software and Affected Versions CODESYS products (affected versions not specified) Schneider Electric products (affected versions not specified)

Description The issue is related to a stack-based out-of-bounds write vulnerability in the CmpAppForce Component. This vulnerability can be exploited by an authenticated, remote attacker to write data into the stack, potentially leading to a denial-of-service condition, memory overwriting, or remote code execution.

Recommendations For CODESYS products, consider disabling the CmpAppForce Component as a temporary workaround until a patch is available. For Schneider Electric products, restrict access to the CmpAppForce Component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.