CRITICAL🇬🇧 English

CVE-2022-31802

CVSS 9.8v3.1pub. 2022-06-24upd. 2024-11-21

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codesys Gateway

    APP
    Codesys
    2.0 – 2.3.9.38 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-9010CRITICAL9.8ten sam produkt

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...

CVE-2022-30791HIGH7.5ten sam produkt

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorize...

CVE-2022-30792HIGH7.5ten sam produkt

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unautho...

CVE-2022-31804HIGH7.5ten sam produkt

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauth...

CVE-2022-31805HIGH7.5ten sam produkt

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the comm...