Code injection

2022-06-2408:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

CPENameOperatorVersion
development_systemlt2.3.9.69
edge_gatewaylt3.5.18.30
gatewaylt2.3.9.38
hmi_sllt3.5.18.30
opc_serverlt3.5.18.30
plchandlerlt3.5.18.30
plcwinntlt2.4.7.57
runtime_toolkitlt2.4.7.57
sp_realtime_ntlt2.3.7.30
web_serverlt1.1.9.23

Name	Operator	Version
development_system	lt	2.3.9.69
edge_gateway	lt	3.5.18.30
gateway	lt	2.3.9.38
hmi_sl	lt	3.5.18.30
opc_server	lt	3.5.18.30
plchandler	lt	3.5.18.30
plcwinnt	lt	2.4.7.57
runtime_toolkit	lt	2.4.7.57
sp_realtime_nt	lt	2.3.7.30
web_server	lt	1.1.9.23