CVE-2022-47379
📋 TL;DR
CVE-2022-47379 is an out-of-bounds write vulnerability in multiple CODESYS industrial automation products that allows authenticated remote attackers to write arbitrary data to memory. This can lead to denial-of-service, memory corruption, or remote code execution. Organizations using affected CODESYS products in industrial control systems are at risk.
💻 Affected Systems
- CODESYS Control runtime systems
- CODESYS Development System
- CODESYS Gateway
- CODESYS OPC UA Server
- CODESYS Safety runtime systems
📦 What is this software?
Control For Wago Touch Panels 600 Sl by Codesys
View all CVEs affecting Control For Wago Touch Panels 600 Sl →
Control Rte \(for Beckhoff Cx\) Sl by Codesys
View all CVEs affecting Control Rte \(for Beckhoff Cx\) Sl →
Hmi Sl by Codesys
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full system compromise, allowing attackers to take control of industrial processes and critical infrastructure.
Likely Case
Denial-of-service conditions disrupting industrial operations, with potential for memory corruption affecting system stability.
If Mitigated
Limited impact if proper network segmentation and authentication controls prevent attacker access to vulnerable systems.
🎯 Exploit Status
Requires authenticated access; exploitation complexity depends on specific memory layout and target system configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V3.5.19.0, V4.1.0.0, or V4.2.0.0 depending on product line
Vendor Advisory: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=
Restart Required: Yes
Instructions:
1. Identify affected CODESYS products and versions. 2. Download appropriate patches from CODESYS customer portal. 3. Apply patches following vendor instructions. 4. Restart affected systems. 5. Verify patch installation.
🔧 Temporary Workarounds
Network Segmentation
allIsolate CODESYS systems from untrusted networks and implement strict firewall rules.
Authentication Hardening
allImplement strong authentication mechanisms and limit user access to only necessary functions.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable systems from untrusted networks
- Enforce strong authentication controls and limit user privileges to minimum required
🔍 How to Verify
Check if Vulnerable:
Check CODESYS product versions against affected version ranges in vendor advisoryCheck Version:
Check version in CODESYS development environment or runtime system configurationVerify Fix Applied:
Verify installed version is V3.5.19.0, V4.1.0.0, or V4.2.0.0 or later📡 Detection & Monitoring
Log Indicators:
- Unexpected authentication attempts
- Memory access violations
- Process crashes in CODESYS components
Network Indicators:
- Unusual traffic patterns to CODESYS ports (typically 1217, 2455, 11740)
SIEM Query:
source="codesys" AND (event_type="crash" OR event_type="memory_violation")