PT-2022-20942 · 3S Smart Software Solutions · Codesys Gateway Server
Published
2022-06-24
·
Updated
2025-07-01
·
CVE-2022-31802
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CODESYS Gateway Server V2 versions prior to V2.3.9.38
Description
The issue allows an attacker to perform authentication by specifying a small password that matches a part of the longer real CODESYS Gateway password, as only a part of the specified password is compared to the real password.
Recommendations
For versions prior to V2.3.9.38, update to version V2.3.9.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication mechanism until a patch is applied.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Codesys Gateway Server