PT-2022-20946 · 3S Smart Software Solutions · Codesys V2 Plcwinnt+1
Avinash Hanwate
·
Published
2022-06-24
·
Updated
2022-12-01
·
CVE-2022-31806
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions prior to V2.4.7.57
Description
The issue concerns password protection not being enabled by default. In cases where no password is set at the controller, there is no information or prompt to enable password protection at login.
Recommendations
For versions prior to V2.4.7.57, update to version V2.4.7.57 or later to enable password protection by default. As a temporary workaround, consider manually enabling password protection for the controller to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Codesys V2 Plcwinnt
Codesys V2 Runtime Toolkit 32