CVE-2022-31806
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODESYS | CODESYS PLCWinNT | V2 < V2.4.7.57 | affected |
| CODESYS | CODESYS Runtime Toolkit 32 bit full | V2 < V2.4.7.57 | affected |
Weaknesses
- CWE-1188: CWE-1188 Insecure Default Initialization of Resource
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.