In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCodesys Development System
APPCodesys< 2.3.9.69Codesys Edge Gateway
APPCodesys< 3.5.18.30Codesys Gateway
APPCodesys< 2.3.9.38Codesys Hmi Sl
APPCodesys< 3.5.18.30Codesys Opc Server
APPCodesys< 3.5.18.30Codesys Plchandler
APPCodesys< 3.5.18.30Codesys Plcwinnt
APPCodesys< 2.4.7.57Codesys Runtime Toolkit
APPCodesys< 2.4.7.57Codesys Sp Realtime Nt
APPCodesys< 2.3.7.30Codesys Web Server
APPCodesys< 1.1.9.23
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2022-31806CRITICAL9.8ten sam produkt
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enable...
CVE-2022-31802CRITICAL9.8ten sam produkt
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been...
CVE-2019-9010CRITICAL9.8ten sam produkt
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the own...
CVE-2018-10612CRITICAL9.8ten sam produkt
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access managem...
CVE-2017-6025CRITICAL9.8ten sam produkt
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The follo...