CVE-2022-31802 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31802 PUBLISHED CVSS 9.800000190734863 CRITICAL

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

EPSS 0.53% · 67.0th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.53%

67.0th percentile

Affected Products

Vendor	Product	Versions
CODESYS	CODESYS Gateway Server V2	V2
codesys	gateway	2.0

Timeline

Jun 24, 2022 CVE Published
Jun 25, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Sep 28, 2022 EPSS Score
Nov 14, 2022 EPSS Score
Jan 1, 2023 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 5, 2023 EPSS Score
May 22, 2023 EPSS Score
Jul 8, 2023 EPSS Score
Aug 24, 2023 EPSS Score

References

Open in Interactive Console →