CVE-2022-31802

Summary

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Gateway Server V2V2 < V2.3.9.38affected

Weaknesses

  • CWE-187: CWE-187 Partial String Comparison

ADP Enrichment

CVE Program Container

Additional References

References