CVE-2022-31805

Summary

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Affected Software

VendorProductVersion RangeStatus
CODESYSCODESYS Development SystemV2 < V2.3.9.69affected
CODESYSCODESYS Development SystemV3 < V3.5.18.30affected
CODESYSCODESYS Gateway ClientV2 < V2.3.9.38affected
CODESYSCODESYS Gateway ServerV2 < V2.3.9.38affected
CODESYSCODESYS Web serverV1 < V1.1.9.23affected
CODESYSCODESYS SP Realtime NTV2 < V2.3.7.30affected
CODESYSCODESYS PLCWinNTV2 < V2.4.7.57affected
CODESYSCODESYS Runtime Toolkit 32 bit fullV2 < V2.4.7.57affected
CODESYSCODESYS Edge Gateway for WindowsV3 < V3.5.18.30affected
CODESYSCODESYS HMI (SL)V3 < V3.5.18.30affected
CODESYSCODESYS OPC DA Server SLV3 < V3.5.18.30affected
CODESYSCODESYS PLCHandlerV3 < V3.5.18.30affected
CODESYSCODESYS GatewayV3 < V3.5.18.30affected

Weaknesses

  • CWE-523: CWE-523 Unprotected Transport of Credentials

ADP Enrichment

CVE Program Container

Additional References

References