CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-31802

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=

Products affected by CVE-2022-31802

Codesys » Gateway » Version: Any

cpe:2.3:a:codesys:gateway:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31802

Products

Pricing

Contact Us