CVE-2022-31805 - Vulnerability Details

Vendors	Products
Codesys	Development System Edge Gateway Gateway Hmi Sl Opc Server Plchandler Plcwinnt Runtime Toolkit Sp Realtime Nt Web Server

Link	Providers
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

Type	Values Removed	Values Added
Description	In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.	In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Title	Insecure transmission of credentials	Insecure transmission of credentials

Show plain JSON

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CODESYS Development System", "vendor": "CODESYS", "versions": [{"lessThan": "V2.3.9.69", "status": "affected", "version": "V2", "versionType": "custom"}, {"lessThan": "V3.5.18.30", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Gateway Client", "vendor": "CODESYS", "versions": [{"lessThan": "V2.3.9.38", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Gateway Server", "vendor": "CODESYS", "versions": [{"lessThan": "V2.3.9.38", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Web server", "vendor": "CODESYS", "versions": [{"lessThan": "V1.1.9.23", "status": "affected", "version": "V1", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS SP Realtime NT", "vendor": "CODESYS", "versions": [{"lessThan": "V2.3.7.30", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS PLCWinNT", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Runtime Toolkit 32 bit full", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Edge Gateway for Windows", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.30", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.30", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS OPC DA Server SL", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.30", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS PLCHandler", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.30", "status": "affected", "version": "V3", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CODESYS Gateway", "vendor": "CODESYS", "versions": [{"lessThan": "V3.5.18.30", "status": "affected", "version": "V3", "versionType": "custom"}]}], "datePublic": "2022-06-22T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.</p>"}], "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-523", "description": "CWE-523 Unprotected Transport of Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-05-09T12:54:39.506Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}], "source": {"defect": ["CERT@VDE#", "64140"], "discovery": "UNKNOWN"}, "title": "Insecure transmission of credentials", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-06-23T10:00:00.000Z", "ID": "CVE-2022-31805", "STATE": "PUBLIC", "TITLE": "Insecure transmission of credentials"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS Development System", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.3.9.69"}, {"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Gateway Client", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.3.9.38"}]}}, {"product_name": "CODESYS Gateway Server", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.3.9.38"}]}}, {"product_name": "CODESYS Web server", "version": {"version_data": [{"version_affected": "<", "version_name": "V1", "version_value": "V1.1.9.23"}]}}, {"product_name": "CODESYS SP Realtime NT", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.3.7.30"}]}}, {"product_name": "CODESYS PLCWinNT", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.4.7.57"}]}}, {"product_name": "CODESYS Runtime Toolkit 32 bit full", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.4.7.57"}]}}, {"product_name": "CODESYS Edge Gateway for Windows", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS HMI (SL)", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS OPC DA Server SL", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS PLCHandler", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}, {"product_name": "CODESYS Gateway", "version": {"version_data": [{"version_affected": "<", "version_name": "V3", "version_value": "V3.5.18.20"}]}}]}, "vendor_name": "CODESYS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-523 Unprotected Transport of Credentials"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}]}, "source": {"defect": ["CERT@VDE#", "64140"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.086Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-31805", "datePublished": "2022-06-24T07:46:15.076016Z", "dateReserved": "2022-05-30T00:00:00", "dateUpdated": "2024-09-16T18:55:26.939Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : CODESYS Development System (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V2.3.9.69 (string)

status : affected (string)

version : V2 (string)

versionType : custom (string)

}

1 : { »

lessThan : V3.5.18.30 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : CODESYS Gateway Client (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V2.3.9.38 (string)

status : affected (string)

version : V2 (string)

versionType : custom (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : CODESYS Gateway Server (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V2.3.9.38 (string)

status : affected (string)

version : V2 (string)

versionType : custom (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : CODESYS Web server (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V1.1.9.23 (string)

status : affected (string)

version : V1 (string)

versionType : custom (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : CODESYS SP Realtime NT (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V2.3.7.30 (string)

status : affected (string)

version : V2 (string)

versionType : custom (string)

}

]

}

5 : { »

defaultStatus : unaffected (string)

product : CODESYS PLCWinNT (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V2.4.7.57 (string)

status : affected (string)

version : V2 (string)

versionType : custom (string)

}

]

}

6 : { »

defaultStatus : unaffected (string)

product : CODESYS Runtime Toolkit 32 bit full (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V2.4.7.57 (string)

status : affected (string)

version : V2 (string)

versionType : custom (string)

}

]

}

7 : { »

defaultStatus : unaffected (string)

product : CODESYS Edge Gateway for Windows (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.30 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

8 : { »

defaultStatus : unaffected (string)

product : CODESYS HMI (SL) (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.30 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

9 : { »

defaultStatus : unaffected (string)

product : CODESYS OPC DA Server SL (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.30 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

10 : { »

defaultStatus : unaffected (string)

product : CODESYS PLCHandler (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.30 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

11 : { »

defaultStatus : unaffected (string)

product : CODESYS Gateway (string)

vendor : CODESYS (string)

versions : [ »

0 : { »

lessThan : V3.5.18.30 (string)

status : affected (string)

version : V3 (string)

versionType : custom (string)

}

]

}

]

datePublic : 2022-06-22T22:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <p>In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.</p> (string)

}

]

value : In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-523 (string)

description : CWE-523 Unprotected Transport of Credentials (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

shortName : CERTVDE (string)

dateUpdated : 2023-05-09T12:54:39.506Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= (string)

}

]

source : { »

defect : [ »

0 : CERT@VDE# (string)

1 : 64140 (string)

]

discovery : UNKNOWN (string)

}

title : Insecure transmission of credentials (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : info@cert.vde.com (string)

DATE_PUBLIC : 2022-06-23T10:00:00.000Z (string)

ID : CVE-2022-31805 (string)

STATE : PUBLIC (string)

TITLE : Insecure transmission of credentials (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : CODESYS Development System (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V2 (string)

version_value : V2.3.9.69 (string)

}

1 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

1 : { »

product_name : CODESYS Gateway Client (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V2 (string)

version_value : V2.3.9.38 (string)

}

]

}

2 : { »

product_name : CODESYS Gateway Server (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V2 (string)

version_value : V2.3.9.38 (string)

}

]

}

3 : { »

product_name : CODESYS Web server (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V1 (string)

version_value : V1.1.9.23 (string)

}

]

}

4 : { »

product_name : CODESYS SP Realtime NT (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V2 (string)

version_value : V2.3.7.30 (string)

}

]

}

5 : { »

product_name : CODESYS PLCWinNT (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V2 (string)

version_value : V2.4.7.57 (string)

}

]

}

6 : { »

product_name : CODESYS Runtime Toolkit 32 bit full (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V2 (string)

version_value : V2.4.7.57 (string)

}

]

}

7 : { »

product_name : CODESYS Edge Gateway for Windows (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

8 : { »

product_name : CODESYS HMI (SL) (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

9 : { »

product_name : CODESYS OPC DA Server SL (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

10 : { »

product_name : CODESYS PLCHandler (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

11 : { »

product_name : CODESYS Gateway (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_name : V3 (string)

version_value : V3.5.18.20 (string)

}

]

}

]

}

vendor_name : CODESYS (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-523 Unprotected Transport of Credentials (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= (string)

refsource : CONFIRM (string)

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= (string)

}

]

}

source : { »

defect : [ »

0 : CERT@VDE# (string)

1 : 64140 (string)

]

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T07:26:01.086Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 270ccfa6-a436-4e77-922e-914ec3a9685c (string)

assignerShortName : CERTVDE (string)

cveId : CVE-2022-31805 (string)

datePublished : 2022-06-24T07:46:15.076016Z (string)

dateReserved : 2022-05-30T00:00:00 (string)

dateUpdated : 2024-09-16T18:55:26.939Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "85D06342-38A2-4E95-BE56-08D54271E41F", "versionEndExcluding": "2.3.9.69", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EC5C6832-F0B3-46DF-8047-22A2544D937C", "versionEndExcluding": "3.5.18.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B9AE405-A0E5-48FF-9E8C-1A323D296445", "versionEndExcluding": "2.3.9.38", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*", "matchCriteriaId": "F23A1B9F-97EE-4E4C-AAB9-511B4A3ED98C", "versionEndExcluding": "3.5.18.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "46CDFB44-9702-4978-B577-9D07DF3D04B0", "versionEndExcluding": "3.5.18.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*", "matchCriteriaId": "4932F620-43F8-4F3F-80AE-CD603BF05962", "versionEndExcluding": "3.5.18.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "6887DEB0-5C13-4D7B-86E6-504D8CBB2A0D", "versionEndExcluding": "2.4.7.57", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "5A605019-68F5-4C21-96BD-C300DECAA3D8", "versionEndExcluding": "2.4.7.57", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:sp_realtime_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "14F1D049-7DF2-453A-9D5A-7FCBCAD465E3", "versionEndExcluding": "2.3.7.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "971AF379-F2B6-4791-B153-718517CA3E62", "versionEndExcluding": "1.1.9.23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected."}, {"lang": "es", "value": "En CODESYS Development System, varios componentes en diversos versiones transmiten las contrase\u00f1as para la comunicaci\u00f3n entre clientes y servidores sin protecci\u00f3n"}], "id": "CVE-2022-31805", "lastModified": "2024-11-21T07:05:22.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-06-24T08:15:07.590", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-523"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 85D06342-38A2-4E95-BE56-08D54271E41F (string)

versionEndExcluding : 2.3.9.69 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : EC5C6832-F0B3-46DF-8047-22A2544D937C (string)

versionEndExcluding : 3.5.18.30 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B9AE405-A0E5-48FF-9E8C-1A323D296445 (string)

versionEndExcluding : 2.3.9.38 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F23A1B9F-97EE-4E4C-AAB9-511B4A3ED98C (string)

versionEndExcluding : 3.5.18.30 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 46CDFB44-9702-4978-B577-9D07DF3D04B0 (string)

versionEndExcluding : 3.5.18.30 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4932F620-43F8-4F3F-80AE-CD603BF05962 (string)

versionEndExcluding : 3.5.18.30 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6887DEB0-5C13-4D7B-86E6-504D8CBB2A0D (string)

versionEndExcluding : 2.4.7.57 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:* (string)

matchCriteriaId : 5A605019-68F5-4C21-96BD-C300DECAA3D8 (string)

versionEndExcluding : 2.4.7.57 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:codesys:sp_realtime_nt:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 14F1D049-7DF2-453A-9D5A-7FCBCAD465E3 (string)

versionEndExcluding : 2.3.7.30 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 971AF379-F2B6-4791-B153-718517CA3E62 (string)

versionEndExcluding : 1.1.9.23 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. (string)

}

1 : { »

lang : es (string)

value : En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección (string)

}

]

id : CVE-2022-31805 (string)

lastModified : 2024-11-21T07:05:22.057 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : info@cert.vde.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Secondary (string)

}

]

}

published : 2022-06-24T08:15:07.590 (string)

references : [ »

0 : { »

source : info@cert.vde.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= (string)

}

]

sourceIdentifier : info@cert.vde.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-523 (string)

}

]

source : info@cert.vde.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object