Vulnerabilities > CVE-2022-31802 - Partial String Comparison vulnerability in Codesys Gateway

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

codesys

CWE-187

critical

NVD

Published: 2022-06-24

Updated: 2022-07-01

Summary

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Vulnerable Configurations

Part	Description	Count
Application	Codesys Codesys Gateway *	1

Common Weakness Enumeration (CWE)

CWE-187 - Partial String Comparison

References

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=