HIGH🇬🇧 English

CVE-2022-31805

CVSS 7.5v3.1pub. 2022-06-24upd. 2024-11-21

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Codesys Development System

    APP
    Codesys
    < 2.3.9.69
  • Codesys Edge Gateway

    APP
    Codesys
    < 3.5.18.30
  • Codesys Gateway

    APP
    Codesys
    < 2.3.9.38
  • Codesys Hmi Sl

    APP
    Codesys
    < 3.5.18.30
  • Codesys Opc Server

    APP
    Codesys
    < 3.5.18.30
  • Codesys Plchandler

    APP
    Codesys
    < 3.5.18.30
  • Codesys Plcwinnt

    APP
    Codesys
    < 2.4.7.57
  • Codesys Runtime Toolkit

    APP
    Codesys
    < 2.4.7.57
  • Codesys Sp Realtime Nt

    APP
    Codesys
    < 2.3.7.30
  • Codesys Web Server

    APP
    Codesys
    < 1.1.9.23
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31806CRITICAL9.8ten sam produkt

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enable...

CVE-2022-31802CRITICAL9.8ten sam produkt

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been...

CVE-2019-9010CRITICAL9.8ten sam produkt

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...

CVE-2018-10612CRITICAL9.8ten sam produkt

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access managem...

CVE-2017-6025CRITICAL9.8ten sam produkt

A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The follo...