CRITICAL🇬🇧 English

CVE-2022-31806

CVSS 9.8v3.1pub. 2022-06-24upd. 2024-11-21

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codesys Plcwinnt

    APP
    Codesys
    < 2.4.7.57
  • Codesys Runtime Toolkit

    APP
    Codesys
    < 2.4.7.57
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-41738HIGH7.5ten sam produkt

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to...

CVE-2023-6357HIGH8.8ten sam produkt

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via fil...

CVE-2022-4224HIGH8.8ten sam produkt

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulner...

CVE-2022-1965HIGH8.1ten sam produkt

Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a ...

CVE-2022-32137HIGH8.8ten sam produkt

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-bas...

CVE-2022-31806 — CRITICAL 9.8 | CVEbaza.pl