Improper Error Handling in CODESYS Products Allows Remote File Deletion

Improper Error Handling in CODESYS Products Allows Remote File Deletion

CVE-2022-1965 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.

Learn more about our User Device Pen Test.