CVE-2022-4048Inadequate Encryption Strength in Development System V3

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
7.7HIGHNVD
EPSS
0.0%
top 85.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Codesys Development System V3Codesys Development System V3
Timeline
PublishedMay 15

Description

Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.2

Affected Packages2 packages

CVEListV5codesys/codesys_development_system_v3V0.0.0.0V3.5.18.40

🔴Vulnerability Details

2
GHSA
GHSA-hxgf-g28h-m63f: Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V32023-05-15
CVEList
CODESYS V3 prone to Inadequate Encryption Stregth2023-05-15
CVE-2022-4048 — Inadequate Encryption Strength | cvebase