Lucene search

CERTVDECVELIST:CVE-2022-31806

HistoryJun 24, 2022 - 7:46 a.m.

CVE-2022-31806 Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT

2022-06-2407:46:17

CWE-1188

CERTVDE

www.cve.org

codesys

insecure

default settings

versions prior to v2.4.7.57

password protection

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

CNA Affected

[
  {
    "product": "CODESYS PLCWinNT",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V2.4.7.57",
        "status": "affected",
        "version": "V2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "CODESYS Runtime Toolkit 32 bit full",
    "vendor": "CODESYS",
    "versions": [
      {
        "lessThan": "V2.4.7.57",
        "status": "affected",
        "version": "V2",
        "versionType": "custom"
      }
    ]
  }
]

References

customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Related for CVELIST:CVE-2022-31806