CVE-2022-31805
published 2022-06-24CVE-2022-31805: In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codesys | codesys_development_system | >= V2 < V2.3.9.69 | V2.3.9.69 |
| codesys | codesys_development_system | >= V3 < V3.5.18.30 | V3.5.18.30 |
| codesys | codesys_edge_gateway_for_windows | >= V3 < V3.5.18.30 | V3.5.18.30 |
| codesys | codesys_gateway | >= V3 < V3.5.18.30 | V3.5.18.30 |
| codesys | codesys_gateway_client | >= V2 < V2.3.9.38 | V2.3.9.38 |
| codesys | codesys_gateway_server | >= V2 < V2.3.9.38 | V2.3.9.38 |
| codesys | codesys_hmi | >= V3 < V3.5.18.30 | V3.5.18.30 |
| codesys | codesys_opc_da_server_sl | >= V3 < V3.5.18.30 | V3.5.18.30 |
| codesys | codesys_plchandler | >= V3 < V3.5.18.30 | V3.5.18.30 |
| codesys | codesys_plcwinnt | >= V2 < V2.4.7.57 | V2.4.7.57 |
| codesys | codesys_runtime_toolkit_32_bit_full | >= V2 < V2.4.7.57 | V2.4.7.57 |
| codesys | codesys_sp_realtime_nt | >= V2 < V2.3.7.30 | V2.3.7.30 |
| codesys | codesys_web_server | >= V1 < V1.1.9.23 | V1.1.9.23 |
| codesys | development_system | < 2.3.9.69 | 2.3.9.69 |
| codesys | edge_gateway | < 3.5.18.30 | 3.5.18.30 |
| codesys | gateway | < 2.3.9.38 | 2.3.9.38 |
| codesys | hmi_sl | < 3.5.18.30 | 3.5.18.30 |
| codesys | opc_server | < 3.5.18.30 | 3.5.18.30 |
| codesys | plchandler | < 3.5.18.30 | 3.5.18.30 |
| codesys | plcwinnt | < 2.4.7.57 | 2.4.7.57 |
| codesys | runtime_toolkit | < 2.4.7.57 | 2.4.7.57 |
| codesys | sp_realtime_nt | < 2.3.7.30 | 2.3.7.30 |
| codesys | web_server | < 1.1.9.23 | 1.1.9.23 |