Rockwell Automation LP30/40/50 and BM40 Operator Interface Improper Validation of Consistency Within Input (CVE-2022-47392)

medium Tenable OT Security Plugin ID 501649

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An authenticated, remote attacker may use an improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce components of multiple CODESYS products in multiple versions to read from an invalid address, which can lead to a denial-of-service condition.

Wago PFC200 and Compact Controllers support Codesys V3.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends users using the affected software to apply the risk mitigations, if possible:

- Upgrade to CODESYS version 3.5.19.2 which has been released to mitigate these issues.
- Additionally, we encourage the user to implement our suggested security best practices to minimize risk of the vulnerability.

Users can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.

Additional information can be found in the CODESYS Advisory.

See Also

http://www.nessus.org/u?2db205d9

http://www.nessus.org/u?7a14aee1

https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-07

Plugin Details

Severity: Medium

ID: 501649

File Name: tenable_ot_wago_CVE-2022-47392.nasl

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 9/18/2023

Updated: 3/5/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-47392

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:wago:751-9301_firmware, cpe:/o:wago:pfc200_firmware

Required KB Items: Tenable.ot/Wago

Exploit Ease: No known exploits are available

Patch Publication Date: 4/3/2019

Vulnerability Publication Date: 4/3/2019

Reference Information

CVE: CVE-2022-47392

CWE: 20