CODESYS products man-in-the-middle | CVE-2022-31805
NAME
CODESYS products man-in-the-middle
- Platforms Affected:
  CODESYS Development System 2.3.9.68
  CODESYS Gateway Client 2.3.9.68
  CODESYS Gateway Server 2.3.9.68
  CODESYS Web server 1.1.9.22
  CODESYS SP Realtime NT 2.3.7.29
  CODESYS PLCWinNT 2.4.7.56
- Risk Level: 9.8
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
CODESYS products could allow a remote attacker to conduct man-in-the-middle attacks, caused by improper implementation of transport layer security. By sniffing the network traffic, an attacker could exploit this vulnerability to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to CODESYS Advisory 2022-13 for patch, upgrade or suggested workaround information. See References.
- Reference Link: https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
- Reference Link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31805