CVE-2022-31805

CWE-5236 documents5 sources

Severity

7.5HIGH

EPSS

0.3%

top 48.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys Development System Codesys Codesys Edge Gateway FOR Windows Codesys Codesys Gateway +19 more

Timeline

PublishedJun 24

Latest updateOct 15

Description

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages22 packages

▶NVDcodesys/development_system< 2.3.9.69

▶CVEListV5codesys/codesys_development_systemV2 — V2.3.9.69+1

▶CVEListV5codesys/codesys_opc_da_server_slV3 — V3.5.18.30

▶NVDcodesys/hmi_sl< 3.5.18.30

▶NVDcodesys/gateway< 2.3.9.38

🔴Vulnerability Details

GHSA

GHSA-q837-53gv-8r7r: In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers un↗2022-06-25

▶

CVEList

Insecure transmission of credentials↗2022-06-24

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Configuration Management Platform (Apache Struts) — CVE-2021-31805↗2022-10-15

▶

Oracle

Oracle Oracle Hospitality Applications Risk Matrix: Login (Apache Struts) — CVE-2021-31805↗2022-07-15

▶