CVE-2024-41975Initialization of a Resource with an Insecure Default in Edge Gateway

CWE-1188Initialization of a Resource with an Insecure Default3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 72.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Codesys Edge GatewayCodesys Gateway FOR Windows
Timeline
PublishedMar 18

Description

An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5codesys/codesys_edge_gateway< 3.5.21.0

🔴Vulnerability Details

2
GHSA
GHSA-f9hf-p7m4-xh2g: An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to t2025-03-18
CVEList
CODESYS (Edge) Gateway for Windows insecure default2025-03-18
CVE-2024-41975 — Codesys Edge Gateway vulnerability | cvebase