CVE-2022-31805
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODESYS | CODESYS Development System | V2 < V2.3.9.69 | affected |
| CODESYS | CODESYS Development System | V3 < V3.5.18.30 | affected |
| CODESYS | CODESYS Gateway Client | V2 < V2.3.9.38 | affected |
| CODESYS | CODESYS Gateway Server | V2 < V2.3.9.38 | affected |
| CODESYS | CODESYS Web server | V1 < V1.1.9.23 | affected |
| CODESYS | CODESYS SP Realtime NT | V2 < V2.3.7.30 | affected |
| CODESYS | CODESYS PLCWinNT | V2 < V2.4.7.57 | affected |
| CODESYS | CODESYS Runtime Toolkit 32 bit full | V2 < V2.4.7.57 | affected |
| CODESYS | CODESYS Edge Gateway for Windows | V3 < V3.5.18.30 | affected |
| CODESYS | CODESYS HMI (SL) | V3 < V3.5.18.30 | affected |
| CODESYS | CODESYS OPC DA Server SL | V3 < V3.5.18.30 | affected |
| CODESYS | CODESYS PLCHandler | V3 < V3.5.18.30 | affected |
| CODESYS | CODESYS Gateway | V3 < V3.5.18.30 | affected |
Weaknesses
- CWE-523: CWE-523 Unprotected Transport of Credentials
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.