CVE-2022-31802 — Vulnetix

CVE-2022-31802 PUBLISHED CVSS 9.800000190734863 CRITICAL

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

EPSS 0.53% · 67.6th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.53%

67.6th percentile

Affected Products

Vendor	Product	Versions
CODESYS	CODESYS Gateway Server V2	V2
codesys	gateway	2.0

Exploit Intelligence

CIRCL seen: CVE-2022-31802 (circl-sighting)
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download= (circl)

Timeline

Jun 24, 2022 CVE Published
Jun 25, 2022 EPSS Score
Aug 13, 2022 EPSS Score
Sep 29, 2022 EPSS Score
Nov 16, 2022 EPSS Score
Jan 3, 2023 EPSS Score
Feb 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 8, 2023 EPSS Score
May 26, 2023 EPSS Score
Jul 13, 2023 EPSS Score
Aug 30, 2023 EPSS Score

References

Open in Interactive Console →