{"containers": {"cna": {"affected": [{"product": "CODESYS PLCWinNT", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom"}]}, {"product": "CODESYS Runtime Toolkit 32 bit full", "vendor": "CODESYS", "versions": [{"lessThan": "V2.4.7.57", "status": "affected", "version": "V2", "versionType": "custom"}]}], "datePublic": "2022-06-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T07:46:16.000Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}], "source": {"defect": ["CERT@VDE#", "64140"], "discovery": "UNKNOWN"}, "title": "Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-06-23T10:00:00.000Z", "ID": "CVE-2022-31806", "STATE": "PUBLIC", "TITLE": "Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS PLCWinNT", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.4.7.57"}]}}, {"product_name": "CODESYS Runtime Toolkit 32 bit full", "version": {"version_data": [{"version_affected": "<", "version_name": "V2", "version_value": "V2.4.7.57"}]}}]}, "vendor_name": "CODESYS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1188 Insecure Default Initialization of Resource"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}]}, "source": {"defect": ["CERT@VDE#", "64140"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.118Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-31806", "datePublished": "2022-06-24T07:46:17.024Z", "dateReserved": "2022-05-30T00:00:00.000Z", "dateUpdated": "2024-09-17T03:27:59.221Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*", "matchCriteriaId": "6887DEB0-5C13-4D7B-86E6-504D8CBB2A0D", "versionEndExcluding": "2.4.7.57", "vulnerable": true}, {"criteria": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*", "matchCriteriaId": "5A605019-68F5-4C21-96BD-C300DECAA3D8", "versionEndExcluding": "2.4.7.57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller."}, {"lang": "es", "value": "En CODESYS V2 PLCWinNT y Runtime Toolkit 32 en versiones anteriores a V2.4.7.57, la protecci\u00f3n por contrase\u00f1a no est\u00e1 habilitada por defecto y no se presenta informaci\u00f3n o aviso para habilitar la protecci\u00f3n por contrase\u00f1a en el inicio de sesi\u00f3n en caso de que no sea establecida una contrase\u00f1a en el controlador"}], "id": "CVE-2022-31806", "lastModified": "2024-11-21T07:05:22.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2022-06-24T08:15:07.650", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}

{}