CVE-2022-31803

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 42.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Codesys Codesys Gateway Server V2Codesys Gateway
Timeline
PublishedJun 24
Latest updateJun 25

Description

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5codesys/codesys_gateway_server_v2V2V2.3.9.38
NVDcodesys/gateway2.02.3.9.38

🔴Vulnerability Details

2
GHSA
GHSA-9348-vpwc-ch78: In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all availa2022-06-25
CVEList
CODESYS Gateway Server V2 prone to Denial of Service Attack2022-06-24
CVE-2022-31803 (MEDIUM CVSS 5.3) | In CODESYS Gateway Server V2 an ins | cvebase.io