CVE-2022-22510

7.5 HIGH

📋 TL;DR

CVE-2022-22510 is a null pointer dereference vulnerability in Codesys Profinet V4.2.0.0 that allows unauthenticated attackers to cause denial of service via SNMP. This affects industrial control systems using vulnerable Codesys Profinet implementations. Attackers can crash the service without authentication.

💻 Affected Systems

Products:
  • Codesys Profinet
Versions: V4.2.0.0
Operating Systems: All platforms running Codesys Profinet V4.2.0.0
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SNMP enabled and accessible to attackers. Industrial control systems in manufacturing, energy, and critical infrastructure sectors are primary targets.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of industrial control systems leading to production downtime, safety system impacts, or process interruptions in critical infrastructure.

🟠

Likely Case

Service crashes requiring manual restart of affected industrial controllers, causing temporary production interruptions.

🟢

If Mitigated

Limited impact with proper network segmentation and SNMP access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH if SNMP is exposed to the internet without proper controls, as exploitation requires no authentication.
🏢 Internal Only: MEDIUM if internal network access exists, but proper segmentation reduces attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted SNMP packets to the vulnerable service. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.2.0.1 or later

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17020&token=9acf91a2b5e1719ff71a019e86c3e8e411bfd252&download=

Restart Required: Yes

Instructions:

1. Download patch from Codesys customer portal.
2. Backup current configuration.
3. Apply patch following vendor instructions.
4. Restart affected services.
5. Verify patch application.

🔧 Temporary Workarounds

Disable SNMP Service

linux

Disable SNMP service if not required for operations

systemctl stop snmpd
systemctl disable snmpd

Restrict SNMP Access

linux

Configure firewall rules to restrict SNMP access to trusted networks only

iptables -A INPUT -p udp --dport 161 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems from untrusted networks
  • Deploy intrusion detection systems to monitor for SNMP exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Codesys Profinet version using vendor documentation or system logs. Version V4.2.0.0 is vulnerable.

Check Version:

Consult Codesys documentation for version checking commands specific to your deployment

Verify Fix Applied:

Verify version is updated to V4.2.0.1 or later using vendor verification tools or system logs.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes
  • SNMP error messages
  • Null pointer exception logs

Network Indicators:

  • Unusual SNMP traffic patterns
  • SNMP requests from unauthorized sources

SIEM Query:

source_port=161 AND (event_type="service_crash" OR error_message="null pointer")
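
The log and network indicators above combined into one check, as an added example that is not part of the original advisory: it flags UDP/161 packets from sources outside an allowlist and reports controller crashes that follow one within 30 seconds. The log lines, crash events, trusted network and time window are constructed assumptions; the firewall lines follow the netfilter LOG field style.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumption: management stations allowed to poll SNMP (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.10.5.0/24")]
CRASH_WINDOW = timedelta(seconds=30)  # assumption: how soon a crash follows a packet

# Constructed sample lines in netfilter LOG style, prefixed with an ISO timestamp.
FIREWALL_LOG = """\
2024-03-01T08:00:01 kernel: SNMP IN=eth0 OUT= SRC=10.10.5.20 DST=10.20.0.7 PROTO=UDP SPT=51000 DPT=161
2024-03-01T08:14:40 kernel: SNMP IN=eth0 OUT= SRC=192.0.2.44 DST=10.20.0.7 PROTO=UDP SPT=40112 DPT=161
2024-03-01T08:15:02 kernel: SNMP IN=eth0 OUT= SRC=10.10.5.20 DST=10.20.0.8 PROTO=UDP SPT=51002 DPT=161
2024-03-01T09:30:00 kernel: SNMP IN=eth0 OUT= SRC=198.51.100.9 DST=10.20.0.8 PROTO=UDP SPT=40500 DPT=161
"""
# Constructed crash/restart events: (timestamp, controller IP).
CRASH_EVENTS = [("2024-03-01T08:14:52", "10.20.0.7"), ("2024-03-01T11:00:00", "10.20.0.8")]

LINE_RE = re.compile(r"^(\S+) .*?SRC=(\S+) DST=(\S+) .*?PROTO=UDP .*?DPT=161\b")

def untrusted_snmp(log_text):
    """Return (time, src, dst) for UDP/161 packets from outside TRUSTED_NETS."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if not any(ipaddress.ip_address(src) in net for net in TRUSTED_NETS):
            hits.append((ts, src, dst))
    return hits

def correlate(hits, crashes):
    """Pair each crash with untrusted SNMP seen on the same host shortly before it."""
    alerts = []
    for crash_ts, host in crashes:
        crash_time = datetime.fromisoformat(crash_ts)
        for ts, src, dst in hits:
            if dst == host and timedelta(0) <= crash_time - ts <= CRASH_WINDOW:
                alerts.append({"host": host, "source": src, "crash": crash_ts})
    return alerts

if __name__ == "__main__":
    hits = untrusted_snmp(FIREWALL_LOG)
    for alert in correlate(hits, CRASH_EVENTS):
        print("ALERT", alert)
```

An untrusted SNMP packet with no following crash is still worth reviewing on its own, since it shows the segmentation or firewall rules are not holding.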
