CVE-2022-31802
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 | V2 < V2.3.9.38 | affected |
Weaknesses
- CWE-187: CWE-187 Partial String Comparison
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.