ID

VAR-202206-1953


CVE

CVE-2022-31805


TITLE

CODESYS Development System Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202206-2454

DESCRIPTION

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected

Trust: 1.08

sources: NVD: CVE-2022-31805 // VULHUB: VHN-423674 // VULMON: CVE-2022-31805

AFFECTED PRODUCTS

vendor:codesysmodel:edge gatewayscope:ltversion:3.5.18.30

Trust: 1.0

vendor:codesysmodel:development systemscope:ltversion:2.3.9.69

Trust: 1.0

vendor:codesysmodel:gatewayscope:ltversion:2.3.9.38

Trust: 1.0

vendor:codesysmodel:plchandlerscope:ltversion:3.5.18.30

Trust: 1.0

vendor:codesysmodel:opc serverscope:ltversion:3.5.18.30

Trust: 1.0

vendor:codesysmodel:plcwinntscope:ltversion:2.4.7.57

Trust: 1.0

vendor:codesysmodel:web serverscope:ltversion:1.1.9.23

Trust: 1.0

vendor:codesysmodel:hmi slscope:ltversion:3.5.18.30

Trust: 1.0

vendor:codesysmodel:sp realtime ntscope:ltversion:2.3.7.30

Trust: 1.0

vendor:codesysmodel:runtime toolkitscope:ltversion:2.4.7.57

Trust: 1.0

sources: NVD: CVE-2022-31805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-31805
value: HIGH

Trust: 1.0

info@cert.vde.com: CVE-2022-31805
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202206-2454
value: HIGH

Trust: 0.6

VULHUB: VHN-423674
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-31805
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-31805
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-423674
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-31805
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-423674 // VULMON: CVE-2022-31805 // CNNVD: CNNVD-202206-2454 // NVD: CVE-2022-31805 // NVD: CVE-2022-31805

PROBLEMTYPE DATA

problemtype:CWE-523

Trust: 1.1

sources: VULHUB: VHN-423674 // NVD: CVE-2022-31805

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2454

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2454

PATCH

title:CODESYS Development System Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199005

Trust: 0.6

title: - url:https://github.com/ic3sw0rd/Codesys_V2_Vulnerability

Trust: 0.1

sources: VULMON: CVE-2022-31805 // CNNVD: CNNVD-202206-2454

EXTERNAL IDS

db:NVDid:CVE-2022-31805

Trust: 1.8

db:CNNVDid:CNNVD-202206-2454

Trust: 0.6

db:VULHUBid:VHN-423674

Trust: 0.1

db:VULMONid:CVE-2022-31805

Trust: 0.1

sources: VULHUB: VHN-423674 // VULMON: CVE-2022-31805 // CNNVD: CNNVD-202206-2454 // NVD: CVE-2022-31805

REFERENCES

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-31805/

Trust: 0.6

url:https://customers.codesys.com/index.php?eid=dumpfile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/523.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ic3sw0rd/codesys_v2_vulnerability

Trust: 0.1

sources: VULHUB: VHN-423674 // VULMON: CVE-2022-31805 // CNNVD: CNNVD-202206-2454 // NVD: CVE-2022-31805

SOURCES

db:VULHUBid:VHN-423674
db:VULMONid:CVE-2022-31805
db:CNNVDid:CNNVD-202206-2454
db:NVDid:CVE-2022-31805

LAST UPDATE DATE

2024-09-17T23:19:11.279000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-423674date:2022-09-23T00:00:00
db:VULMONid:CVE-2022-31805date:2022-07-07T00:00:00
db:CNNVDid:CNNVD-202206-2454date:2022-07-08T00:00:00
db:NVDid:CVE-2022-31805date:2024-09-16T19:16:03.700

SOURCES RELEASE DATE

db:VULHUBid:VHN-423674date:2022-06-24T00:00:00
db:VULMONid:CVE-2022-31805date:2022-06-24T00:00:00
db:CNNVDid:CNNVD-202206-2454date:2022-06-24T00:00:00
db:NVDid:CVE-2022-31805date:2022-06-24T08:15:07.590