CVE-2022-22516

7.8 HIGH

📋 TL;DR

The SysDrv3S driver in CODESYS Control runtime system on Windows allows any system user to read and write restricted memory space. This vulnerability affects all Windows systems running vulnerable versions of CODESYS Control runtime, enabling privilege escalation and system compromise.

💻 Affected Systems

Products:
  • CODESYS Control runtime system
Versions: All versions prior to V3.5.19.0
Operating Systems: Microsoft Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Windows installations of CODESYS Control runtime; Linux versions are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through privilege escalation to SYSTEM, allowing arbitrary code execution, data theft, and complete control of the industrial control system.

🟠

Likely Case

Privilege escalation from low-privileged user to SYSTEM, enabling installation of malware, data manipulation, and disruption of industrial processes.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized users from accessing affected systems.

🌐 Internet-Facing: LOW (exploitation requires local access to the host, so internet exposure alone does not expose the flaw)
🏢 Internal Only: HIGH (any authenticated local user on an affected Windows host can exploit it)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local system access, but any authenticated user can exploit it; no authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V3.5.19.0 or later

Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=

Restart Required: Yes

Instructions:

1. Download CODESYS Control V3.5.19.0 or later from the CODESYS customer portal.
2. Stop all CODESYS services.
3. Install the update.
4. Restart the system.
5. Verify that the new version is running.

🔧 Temporary Workarounds

Restrict user access (platform: Windows)

Limit the Windows user accounts that can log into systems running the CODESYS Control runtime.

Network segmentation (platform: all)

Isolate CODESYS Control systems from general network access.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can log into affected systems
  • Monitor for unusual privilege escalation attempts and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check the CODESYS Control runtime version; if it is below V3.5.19.0, the system is vulnerable.

Check Version:

Check the CODESYS Control runtime version in the CODESYS Development System or in the system registry.

Verify Fix Applied:

Verify that the CODESYS Control runtime version is V3.5.19.0 or higher.
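One way to automate the version check on a Windows host, as an added example that is not part of this advisory or of CODESYS's own tooling: it locates the SysDrv3S kernel driver, reads its file version, and compares it with the fixed release V3.5.19.0. It assumes the driver is registered under the service name SysDrv3S and that the driver's file version follows the CODESYS Control release numbering; confirm both against the vendor advisory, since file and product version schemes can differ.

```powershell
# Added example, not vendor code. Assumptions: the driver's service name is
# 'SysDrv3S' and its file version tracks the CODESYS Control release number.
$FixedVersion = [version]'3.5.19.0'

function Get-SysDrv3SStatus {
    # Win32_SystemDriver lists kernel drivers together with their on-disk path.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='SysDrv3S'" -ErrorAction SilentlyContinue
    if (-not $drv) {
        # No driver registered under that name: either not installed or renamed.
        return [pscustomobject]@{ Found = $false; State = $null; Path = $null; Version = $null; Vulnerable = $null }
    }

    # PathName may carry a \??\ prefix or surrounding quotes; normalise before reading the file.
    $path = ($drv.PathName -replace '^\\\?\?\\', '').Trim('"')
    $ver = $null
    if (Test-Path -LiteralPath $path) {
        # Build the version from the numeric parts so trailing text in FileVersion cannot break the cast.
        $vi  = (Get-Item -LiteralPath $path).VersionInfo
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    }

    [pscustomobject]@{
        Found      = $true
        State      = $drv.State          # 'Running' means the driver is loaded right now
        Path       = $path
        Version    = $ver
        Vulnerable = if ($ver) { $ver -lt $FixedVersion } else { $null }
    }
}

# Usage: run in an elevated prompt on each Windows host running CODESYS Control.
Get-SysDrv3SStatus | Format-List
```

A result of Vulnerable = True with State = Running means the unpatched driver is loaded and the host should be prioritised for the V3.5.19.0 update.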

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory access patterns in Windows event logs
  • Unexpected privilege escalation attempts

Network Indicators:

  • Unusual network traffic from CODESYS systems to unauthorized destinations

SIEM Query:

EventID=4656 OR EventID=4672 from systems running CODESYS Control

Note: event 4656 (handle to an object requested) is only logged when object access auditing is enabled and a SACL exists on the object, and 4672 (special privileges assigned to new logon) fires for every administrative logon, so scope both to CODESYS hosts and baseline normal volume before alerting.

🔗 References