CVE-2022-31806 — CRITICAL (9.8)

Q: How severe is CVE-2022-31806?

CVE-2022-31806 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-31806?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Plcwinnt, Codesys Runtime Toolkit.

Vulnerability Description

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Codesys	Plcwinnt	< 2.4.7.57
Codesys	Runtime Toolkit	< 2.4.7.57

Related Weaknesses (CWE)

CWE-1188

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4aThird Party Advisory
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4aThird Party Advisory

FAQ

What is CVE-2022-31806?

CVE-2022-31806 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login ...

How severe is CVE-2022-31806?

CVE-2022-31806 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-31806?

Check the references section above for vendor advisories and patch information. Affected products include: Codesys Plcwinnt, Codesys Runtime Toolkit.