CVE-2022-22517: 
NixOS vulnerability analysis and mitigation

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets, which results in the communication channel being closed. This vulnerability (CVE-2022-22517) affects multiple CODESYS products and versions prior to 4.5.0.0 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability stems from insufficient randomness in channel ID generation, classified under CWE-330 (Use of Insufficiently Random Values) and CWE-334 (Small Space of Random Values) (NVD).

The primary impact of this vulnerability is on system availability. When successfully exploited, it allows attackers to disrupt active communication channels between CODESYS products, potentially affecting industrial control systems and their operations (AttackerKB).

Users should upgrade affected CODESYS products to version 4.5.0.0 or later to address this vulnerability. The affected products include CODESYS Control for BeagleBone SL, Control for Beckhoff CX9020, Control for emPC-A/iMX6 SL, Control for IOT2000 SL, Control for Linux SL, and several other CODESYS products (NVD).