CVE-2022-31805

EPSS 0.44%
Published 24.06.2022 08:15:07
Last modified 21.11.2024 07:05:22
Source info@cert.vde.com
Teams watchlist Login
Open Login

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Codesys ≫ Development System Version < 2.3.9.69

Codesys ≫ Edge Gateway SwPlatformwindows Version < 3.5.18.30

Codesys ≫ Gateway Version < 2.3.9.38

Codesys ≫ Hmi Sl Version < 3.5.18.30

Codesys ≫ Opc Server Version < 3.5.18.30

Codesys ≫ Plchandler Version < 3.5.18.30

Codesys ≫ Plcwinnt Version < 2.4.7.57

Codesys ≫ Runtime Toolkit HwPlatformx86 Version < 2.4.7.57

Codesys ≫ Sp Realtime Nt Version < 2.3.7.30

Codesys ≫ Web Server Version < 1.1.9.23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.44%	0.624

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-523 Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31805

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31805

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31805

EUVD