CVE-2022-31805: Insecure transmission of credentials
First published: Fri Jun 24 2022(Updated: )
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Credit: info@cert.vde.com info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CODESYS Development System | <2.3.9.69 | |
| Codesys Edge Gateway | <3.5.18.30 | |
| CODESYS Gateway | <2.3.9.38 | |
| Codesys Hmi Sl | <3.5.18.30 | |
| Codesys Opc Server | <3.5.18.30 | |
| Codesys Plchandler | <3.5.18.30 | |
| CODESYS PLCWinNT | <2.4.7.57 | |
| Codesys Runtime Toolkit | <2.4.7.57 | |
| CODESYS SP Realtime NT | <2.3.7.30 | |
| CODESYS Web Server | <1.1.9.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- vendor/codesys
- canonical/codesys development system
- canonical/codesys edge gateway
- canonical/codesys gateway
- canonical/codesys hmi sl
- canonical/codesys opc server
- canonical/codesys plchandler
- canonical/codesys plcwinnt
- canonical/codesys runtime toolkit
- canonical/codesys sp realtime nt
- canonical/codesys web server