CVE-2022-1794

Summary

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS OPC DA ServerV3 <= V3.5.18.20affected

Weaknesses

  • CWE-256: CWE-256 Unprotected Storage of Credentials

ADP Enrichment

CVE Program Container

Additional References

References