CVE-2022-31805 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CERTVDE	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Affected Products (NVD)

Vendor	Product	Version
codesys	development_system	𝑥 < 2.3.9.69
codesys	edge_gateway	𝑥 < 3.5.18.30
codesys	gateway	𝑥 < 2.3.9.38
codesys	hmi_sl	𝑥 < 3.5.18.30
codesys	opc_server	𝑥 < 3.5.18.30
codesys	plchandler	𝑥 < 3.5.18.30
codesys	plcwinnt	𝑥 < 2.4.7.57
codesys	runtime_toolkit	𝑥 < 2.4.7.57
codesys	sp_realtime_nt	𝑥 < 2.3.7.30
codesys	web_server	𝑥 < 1.1.9.23

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-523 - Unprotected Transport of Credentials
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=