CVE-2022-31806

{"id": "CVE-2022-31806", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-24T08:15:07.650", "references": [{"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}, {"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller."}, {"lang": "es", "value": "En CODESYS V2 PLCWinNT y Runtime Toolkit 32 en versiones anteriores a V2.4.7.57, la protecci\u00f3n por contrase\u00f1a no est\u00e1 habilitada por defecto y no se presenta informaci\u00f3n o aviso para habilitar la protecci\u00f3n por contrase\u00f1a en el inicio de sesi\u00f3n en caso de que no sea establecida una contrase\u00f1a en el controlador"}], "lastModified": "2024-11-21T07:05:22.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6887DEB0-5C13-4D7B-86E6-504D8CBB2A0D", "versionEndExcluding": "2.4.7.57"}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "5A605019-68F5-4C21-96BD-C300DECAA3D8", "versionEndExcluding": "2.4.7.57"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}