CODESYS Gateway Server V2 denial of service | CVE-2022-31802

June 25, 2022

NAME

CODESYS Gateway Server V2 denial of service

  • Platforms Affected:
    CODESYS Gateway Server V2 2.3.9.37
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

CODESYS Gateway Server V2 could provide weaker than expected security, caused by the failure to sufficiently verify the specified password during login. A remote attacker could exploit this vulnerability to launch further attacks on the system.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to CODESYS Advisory 2022-12 for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=
  • Reference Link:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31802

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

unlock membership

Unveiling Blockchain Security: Safeguarding the Digital Ledger

November 22, 2024
news

A Fifth of UK Enterprises Uncertain About NIS2 Compliance Requirements

November 22, 2024
news

Scattered Spider Case: Five Arrested in Major Cybercrime Investigation

November 22, 2024
news

BianLian Ransomware Group Updates Tactics: A Growing Risk to Critical Infrastructure

November 22, 2024
news

Infostealer Malware Insights: VietCredCare vs. DuckTail in Vietnam

November 22, 2024