Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-31804 (GCVE-0-2022-31804)
Vulnerability from cvelistv5 – Published: 2022-06-24 07:46 – Updated: 2024-09-16 20:16
VLAI?
EPSS
Title
CODESYS Gateway server prone to denial of service attack due to excessive memory allocation
Summary
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Severity ?
7.5 (High)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CODESYS | CODESYS Gateway Server V2 |
Affected:
unspecified , < V2.3.9.38
(custom)
|
Date Public ?
2022-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CODESYS Gateway Server V2",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V2.3.9.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-24T07:46:12.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T08:02:00.000Z",
"ID": "CVE-2022-31804",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-31804",
"datePublished": "2022-06-24T07:46:13.080Z",
"dateReserved": "2022-05-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:16:34.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0\", \"versionEndExcluding\": \"2.3.9.38\", \"matchCriteriaId\": \"BB2B49E7-1AE9-418A-AC9E-0166D16F38BD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.\"}, {\"lang\": \"es\", \"value\": \"El CODESYS Gateway Server versi\\u00f3nV2 no verifica que el tama\\u00f1o de una petici\\u00f3n est\\u00e9 dentro de los l\\u00edmites previstos. Un atacante no autenticado puede asignar una cantidad arbitraria de memoria, lo que puede conllevar a un bloqueo del Gateway debido a una condici\\u00f3n de falta de memoria\"}]",
"id": "CVE-2022-31804",
"lastModified": "2024-11-21T07:05:21.927",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-06-24T08:15:07.527",
"references": "[{\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-789\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-31804\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-06-24T08:15:07.527\",\"lastModified\":\"2024-11-21T07:05:21.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.\"},{\"lang\":\"es\",\"value\":\"El CODESYS Gateway Server versi\u00f3nV2 no verifica que el tama\u00f1o de una petici\u00f3n est\u00e9 dentro de los l\u00edmites previstos. Un atacante no autenticado puede asignar una cantidad arbitraria de memoria, lo que puede conllevar a un bloqueo del Gateway debido a una condici\u00f3n de falta de memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0\",\"versionEndExcluding\":\"2.3.9.38\",\"matchCriteriaId\":\"BB2B49E7-1AE9-418A-AC9E-0166D16F38BD\"}]}]}],\"references\":[{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CVE-2022-31804
Vulnerability from csaf_festosecokg - Published: 2024-12-03 11:00 - Updated: 2024-12-03 14:00Summary
Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo
Notes
General Recommendation
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes.
For a secure operation follow the recommendations in the product manuals.
Summary
An unauthenticated attacker would be able to send crafted requests to cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. Besides, passwords are insufficiently checked during login.
All versions of the following CODESYS V2 product prior version V2.3.9.38 are affected:
• CODESYS Gateway Server
Disclaimer
Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.
In addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.
Impact
The identified vulnerabilities could lead to denial-of-service attacks, exhaustion of TCP connections, and unauthorized access to the system.
Mitigation
For all CVEs: Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered via default FFT backup & Restore mechanism, you must select the related file manually.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination and support with this publication",
"urls": [
"https://certvde.com/"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: \n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside \n- Use firewalls to protect and separate the control system network from other networks \n- Use VPN (Virtual Private Networks) tunnels if remote access is required \n- Activate and apply user management and password features \n- Use encrypted communication links \n- Limit the access to both development and control system by physical means, operating system features, etc. \n- Protect both development and control system by using up to date virus detecting solutions \n\nFesto strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. \nFor a secure operation follow the recommendations in the product manuals.",
"title": "General Recommendation"
},
{
"category": "summary",
"text": "An unauthenticated attacker would be able to send crafted requests to cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. Besides, passwords are insufficiently checked during login.\n\nAll versions of the following CODESYS V2 product prior version V2.3.9.38 are affected:\n\n\u2022 CODESYS Gateway Server",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\n\nIn addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.",
"title": "Disclaimer"
},
{
"category": "description",
"text": "The identified vulnerabilities could lead to denial-of-service attacks, exhaustion of TCP connections, and unauthorized access to the system.",
"title": "Impact"
},
{
"category": "description",
"text": "For all CVEs: Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered via default FFT backup \u0026 Restore mechanism, you must select the related file manually.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@festo.com",
"name": "Festo SE \u0026 Co. KG",
"namespace": "https://festo.com"
},
"references": [
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://certvde.com/en/advisories/vendor/festo/"
},
{
"category": "self",
"summary": "FSA-202406: Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo - CSAF",
"url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2024/fsa-202406.json"
},
{
"category": "self",
"summary": "FSA-202406: Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-059"
}
],
"title": "Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo",
"tracking": {
"aliases": [
"VDE-2024-059"
],
"current_release_date": "2024-12-03T14:00:00.000Z",
"generator": {
"date": "2024-12-03T14:34:47.564Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "FSA-202406",
"initial_release_date": "2024-12-03T11:00:00.000Z",
"revision_history": [
{
"date": "2024-12-03T11:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
},
{
"date": "2024-12-03T14:00:00.000Z",
"number": "2.0.0",
"summary": "One reference has been corrected"
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "CODESYS provided by Festo all versions",
"product_id": "prod1-CodesysV2"
}
}
],
"category": "product_family",
"name": "CODESYS provided by Festo"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "FESTO"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31802",
"cwe": {
"id": "CWE-187",
"name": "Partial String Comparison"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"prod1-CodesysV2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered by the default FFT backup and restore mechanism. You must select the related file manually.",
"product_ids": [
"prod1-CodesysV2"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"environmentalScore": 7.5,
"integrityImpact": "PARTIAL",
"temporalScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"prod1-CodesysV2"
]
}
],
"title": "CVE-2022-31802"
},
{
"cve": "CVE-2022-31803",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"prod1-CodesysV2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered by the default FFT backup and restore mechanism. You must select the related file manually.",
"product_ids": [
"prod1-CodesysV2"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5,
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"integrityImpact": "NONE",
"temporalScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"prod1-CodesysV2"
]
}
],
"title": "CVE-2022-31803"
},
{
"cve": "CVE-2022-31804",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"prod1-CodesysV2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered by the default FFT backup and restore mechanism. You must select the related file manually.",
"product_ids": [
"prod1-CodesysV2"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5,
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"integrityImpact": "NONE",
"temporalScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"prod1-CodesysV2"
]
}
],
"title": "CVE-2022-31804"
}
]
}
VAR-202206-1829
Vulnerability from variot - Updated: 2023-12-18 13:42The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1829",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "codesys",
"version": "2.3.9.38"
},
{
"model": "gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "codesys",
"version": "2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.9.38",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"cve": "CVE-2022-31804",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-423673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-31804",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "info@cert.vde.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-31804",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2022-31804",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-31804",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31804",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31804",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"id": "VAR-202206-1829",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:42:03.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CODESYS Gateway Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=197309"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-789",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31804/"
},
{
"trust": 0.1,
"url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17141\u0026amp;token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026amp;download="
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/789.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423673"
},
{
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-423673"
},
{
"date": "2022-06-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"date": "2022-06-24T08:15:07.527000",
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"date": "2022-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-423673"
},
{
"date": "2022-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31804"
},
{
"date": "2022-07-01T13:35:00.340000",
"db": "NVD",
"id": "CVE-2022-31804"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CODESYS Gateway Server Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2453"
}
],
"trust": 0.6
}
}
FKIE_CVE-2022-31804
Vulnerability from fkie_nvd - Published: 2022-06-24 08:15 - Updated: 2024-11-21 07:05
Severity ?
Summary
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2B49E7-1AE9-418A-AC9E-0166D16F38BD",
"versionEndExcluding": "2.3.9.38",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
},
{
"lang": "es",
"value": "El CODESYS Gateway Server versi\u00f3nV2 no verifica que el tama\u00f1o de una petici\u00f3n est\u00e9 dentro de los l\u00edmites previstos. Un atacante no autenticado puede asignar una cantidad arbitraria de memoria, lo que puede conllevar a un bloqueo del Gateway debido a una condici\u00f3n de falta de memoria"
}
],
"id": "CVE-2022-31804",
"lastModified": "2024-11-21T07:05:21.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-06-24T08:15:07.527",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
ICSA-25-182-03
Vulnerability from csaf_cisa - Published: 2024-12-03 11:00 - Updated: 2024-12-03 11:00Summary
FESTO CODESYS
Notes
General Recommendation
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes.
For a secure operation follow the recommendations in the product manuals.
Summary
An unauthenticated attacker would be able to send crafted requests to cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. Besides, passwords are insufficiently checked during login.
All versions of the following CODESYS V2 product prior version V2.3.9.38 are affected:
• CODESYS Gateway Server
Disclaimer
Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.
In addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.
Impact
The identified vulnerabilities could lead to denial-of-service attacks, exhaustion of TCP connections, and unauthorized access to the system.
Mitigation
For all CVEs: Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered via default FFT backup & Restore mechanism, you must select the related file manually.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Festo SE FSA-202406 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination and support with this publication",
"urls": [
"https://certvde.com/"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: \n- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside \n- Use firewalls to protect and separate the control system network from other networks \n- Use VPN (Virtual Private Networks) tunnels if remote access is required \n- Activate and apply user management and password features \n- Use encrypted communication links \n- Limit the access to both development and control system by physical means, operating system features, etc. \n- Protect both development and control system by using up to date virus detecting solutions \n\nFesto strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. \nFor a secure operation follow the recommendations in the product manuals.",
"title": "General Recommendation"
},
{
"category": "summary",
"text": "An unauthenticated attacker would be able to send crafted requests to cause the CODESYS Gateway Server V2 to allocate excessive memory or consume all available TCP client connections. Besides, passwords are insufficiently checked during login.\n\nAll versions of the following CODESYS V2 product prior version V2.3.9.38 are affected:\n\n\u2022 CODESYS Gateway Server",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "Festo assumes no liability whatsoever for indirect, collateral, accidental or consequential losses that occur by the distribution and/or use of this document or any losses in connection with the distribution and/or use of this document. All information published in this document is provided free of charge and on good faith by Festo. Insofar as permissible by law, however, none of this information shall establish any warranty, guarantee, commitment or liability on the part of Festo. Note: In no case does these information release the operator or responsible person from the obligation to check the effect on his system or installation before using the information and, in the event of negative consequences, not to use the information.\n\n\nIn addition, the actual general terms and conditions of Festo for delivery, payment and software use shall apply, available under http://www.festo.com.",
"title": "Disclaimer"
},
{
"category": "description",
"text": "The identified vulnerabilities could lead to denial-of-service attacks, exhaustion of TCP connections, and unauthorized access to the system.",
"title": "Impact"
},
{
"category": "description",
"text": "For all CVEs: Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered via default FFT backup \u0026 Restore mechanism, you must select the related file manually.",
"title": "Mitigation"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Festo SE FSA-202406 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Festo SE directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "FSA-202406: Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo - CSAF",
"url": "https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2024/fsa-202406.json"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories",
"url": "https://certvde.com/en/advisories/vendor/festo/"
},
{
"category": "external",
"summary": "For further security-related issues in Festo products please contact the Festo Product Security Incident Response Team (PSIRT)",
"url": "https://festo.com/psirt"
},
{
"category": "self",
"summary": "FSA-202406: Several Codesys Gateway v2 vulnerabilities in Codesys provided by Festo - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-059"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-182-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-182-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-182-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "FESTO CODESYS",
"tracking": {
"aliases": [
"VDE-2024-059"
],
"current_release_date": "2024-12-03T11:00:00.000000Z",
"generator": {
"date": "2025-07-01T15:37:43.315219Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-182-03",
"initial_release_date": "2024-12-03T11:00:00.000000Z",
"revision_history": [
{
"date": "2024-12-03T11:00:00.000000Z",
"number": "1.0.0",
"summary": "Initial version"
},
{
"date": "2024-12-03T14:00:00.000000Z",
"number": "2.0.0",
"summary": "One reference has been corrected"
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "CODESYS provided by Festo all versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_family",
"name": "CODESYS provided by Festo"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "FESTO"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31802",
"cwe": {
"id": "CWE-187",
"name": "Partial String Comparison"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered by the default FFT backup and restore mechanism. You must select the related file manually.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"environmentalScore": 7.5,
"integrityImpact": "PARTIAL",
"temporalScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2022-31802"
},
{
"cve": "CVE-2022-31803",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered by the default FFT backup and restore mechanism. You must select the related file manually.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5,
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"integrityImpact": "NONE",
"temporalScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2022-31803"
},
{
"cve": "CVE-2022-31804",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered by the default FFT backup and restore mechanism. You must select the related file manually.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5,
"confidentialityImpact": "NONE",
"environmentalScore": 5,
"integrityImpact": "NONE",
"temporalScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2022-31804"
}
]
}
CVE-2022-31804
Vulnerability from csaf_wagogmbhcokg - Published: 2022-10-17 08:00 - Updated: 2023-09-22 12:39Summary
WAGO: Multiple Vulnerabilities in Controller with WAGO I/O-Pro / CODESYS 2.3 Runtime
Notes
Summary
UPDATE A: Solution has updated release datesUPDATE B: Solution has updated release datesThis Advisory is published with reference to:
CODESYS Advisory 2022-11 (Security update for CODESYS Control V2)
CODESYS Advisory 2022-12 (Security update for CODESYS V2 password transport)
CODESYS Advisory 2022-13 (Security update for CODESYS Gateway V2)
Impact
From vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):
By crafting special packets / requests a low skilled attacker can exploit the vulnerabilities. This can lead to denial-of-service conditions or deleting files.
From vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):
A low skilled attacker is able to gather insufficiently protected credentials having access to the communication between client and server.
From vulnerabilities CVE-2022-31802, CVE-2022-31803, CVE-2022-31804 (CODESYS Advisory 2022-13):
An attacker with low skills is able to gather insufficiently protected credentials having local access or access to the online communication traffic
Mitigation
For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):
- Activation of online user management, to prevent unallowed actions from unauthorized attackers
- Setting strong passwords
- Use e!Runtime or CODESYS V3
For vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):
- Activation of online user management, to prevent unallowed actions from unauthorized attackers
- Use encryption of online communication whenever possible, this protects password transmission.
Remediation
WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.
Until the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.
### PFC200 Family
| Ord. No. | Firmware |
|-----------------------|----------------------------------|
| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |
### Ethernet Controller 4th Generation Family – UPDATE B
| Ord. No. | Firmware |
|-----------------------|----------------------------------|
| 750-823 | UPDATE B: Available in Q1 2024 |
| 750-332 | UPDATE B: Available in Q1 2024 |
| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-862 | UPDATE B: Available in Q1 2024 |
| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-891 | UPDATE B: Available in Q1 2024 |
| 750-893 | UPDATE B: Available in Q1 2024 |
### Ethernet Controller 3rd Generation Family – UPDATE B
| Ord. No. | Firmware |
|-----------------------|----------------------------------|
| 750-331 | UPDATE B: Available in Q1 2024 |
| 750-829 | UPDATE B: Available in Q1 2024 |
| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-852 | UPDATE B: Available in Q1 2024 |
| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-881 | UPDATE B: Available in Q1 2024 |
| 750-882 | UPDATE B: Available in Q1 2024 |
| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |
| 750-889 | UPDATE B: Available in Q1 2024 |
### Engineering Software
| Name | Firmware |
|------------------|----------------------------------|
| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |
General Mitigation Recommendations
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
For further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at
www.codesys.com/security/security-reports.html
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "UPDATE A: Solution has updated release datesUPDATE B: Solution has updated release datesThis Advisory is published with reference to:\n\nCODESYS Advisory 2022-11 (Security update for CODESYS Control V2)\nCODESYS Advisory 2022-12 (Security update for CODESYS V2 password transport)\nCODESYS Advisory 2022-13 (Security update for CODESYS Gateway V2)",
"title": "Summary"
},
{
"category": "description",
"text": "From vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\nBy crafting special packets / requests a low skilled attacker can exploit the vulnerabilities. This can lead to denial-of-service conditions or deleting files.\n\nFrom vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\nA low skilled attacker is able to gather insufficiently protected credentials having access to the communication between client and server.\n\nFrom vulnerabilities CVE-2022-31802, CVE-2022-31803, CVE-2022-31804 (CODESYS Advisory 2022-13):\nAn attacker with low skills is able to gather insufficiently protected credentials having local access or access to the online communication traffic",
"title": "Impact"
},
{
"category": "description",
"text": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"title": "Mitigation"
},
{
"category": "description",
"text": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"title": "Remediation"
},
{
"category": "general",
"text": "- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside\n\n- Use firewalls to protect and separate the control system network from other networks\n\n- Use VPN (Virtual Private Networks) tunnels if remote access is required\n\n- Activate and apply user management and password features\n\n- Use encrypted communication links\n\n- Limit the access to both development and control system by physical means, operating system features, etc.\n\n- Protect both development and control system by using up to date virus detecting solutions\n\nFor further impact information and risk mitigation, please refer to the official CODESYS Advisory Website at\nwww.codesys.com/security/security-reports.html",
"title": "General Mitigation Recommendations"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2022-040: WAGO: Multiple Vulnerabilities in Controller with WAGO I/O-Pro / CODESYS 2.3 Runtime - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-040/"
},
{
"category": "self",
"summary": "VDE-2022-040: WAGO: Multiple Vulnerabilities in Controller with WAGO I/O-Pro / CODESYS 2.3 Runtime - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-040.json"
},
{
"category": "external",
"summary": "WAGO PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple Vulnerabilities in Controller with WAGO I/O-Pro / CODESYS 2.3 Runtime",
"tracking": {
"aliases": [
"VDE-2022-040"
],
"current_release_date": "2023-09-22T12:39:00.000Z",
"generator": {
"date": "2025-06-16T07:38:21.972Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "VDE-2022-040",
"initial_release_date": "2022-10-17T08:00:00.000Z",
"revision_history": [
{
"date": "2022-10-17T08:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2023-09-22T12:39:00.000Z",
"number": "1.1.0",
"summary": "Solution has updated"
}
],
"status": "final",
"version": "1.1.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-331",
"product": {
"name": "750-331",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "750-829",
"product": {
"name": "750-829",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "750-831/xxx-xxx",
"product": {
"name": "750-831/xxx-xxx",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "750-852",
"product": {
"name": "750-852",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "750-881",
"product": {
"name": "750-881",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "750-882",
"product": {
"name": "750-882",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "750-885/xxx-xxx",
"product": {
"name": "750-885/xxx-xxx",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "750-889",
"product": {
"name": "750-889",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "750-880/xxx-xxx",
"product": {
"name": "750-880/xxx-xxx",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "750-823",
"product": {
"name": "750-823",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "750-332",
"product": {
"name": "750-332",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "750-832/xxx-xxx",
"product": {
"name": "750-832/xxx-xxx",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "750-862",
"product": {
"name": "750-862",
"product_id": "CSAFPID-11013"
}
},
{
"category": "product_name",
"name": "750-890/xxx-xxx",
"product": {
"name": "750-890/xxx-xxx",
"product_id": "CSAFPID-11014"
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11015"
}
},
{
"category": "product_name",
"name": "750-893",
"product": {
"name": "750-893",
"product_id": "CSAFPID-11016"
}
},
{
"category": "product_name",
"name": "PFC200",
"product": {
"name": "PFC200",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"750-8206/xxx-xxx",
"750-8204/xxx-xxx",
"750-8203/xxx-xxx",
"750-8214/xxx-xxx",
"750-8213/xxx-xxx",
"750-8212/xxx-xxx",
"750-8211/xxx-xxx",
"750-8216/xxx-xxx",
"750-8217/xxx-xxx",
"750-8210/xxx-xxx",
"750-8208/xxx-xxx",
"750-8202/xxx-xxx",
"750-8207/xxx-xxx"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=01.08.25(16)",
"product": {
"name": "Firmware \u003c=01.08.25(16)",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.03.25(16)",
"product": {
"name": "Firmware \u003c=01.03.25(16)",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.07.25(16)",
"product": {
"name": "Firmware \u003c=01.07.25(16)",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.09.25(16)",
"product": {
"name": "Firmware \u003c=01.09.25(16)",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.04.16(14)",
"product": {
"name": "Firmware \u003c=01.04.16(14)",
"product_id": "CSAFPID-21006"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.02.16(06)",
"product": {
"name": "Firmware \u003c=01.02.16(06)",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version_range",
"name": "\u003c=01.05.04(10)",
"product": {
"name": "Firmware \u003c=01.05.04(10)",
"product_id": "CSAFPID-21008"
}
},
{
"category": "product_version_range",
"name": "\u003c=03.10.08(22)",
"product": {
"name": "Firmware \u003c=03.10.08(22)",
"product_id": "CSAFPID-21009"
}
},
{
"category": "product_version",
"name": "FW17",
"product": {
"name": "Firmware FW17",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "FW11 with BACnet Certification",
"product": {
"name": "Firmware FW11 with BACnet Certification",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "FW11",
"product": {
"name": "Firmware FW11",
"product_id": "CSAFPID-22003"
}
}
],
"category": "product_family",
"name": "Firmware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.3.9.68",
"product": {
"name": "Engineering Software \u003c=2.3.9.68",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"WAGO-I/O-PRO"
]
}
}
},
{
"category": "product_version",
"name": "2.3.9.70",
"product": {
"name": "Engineering Software 2.3.9.70",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "Engineering Software"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Wago"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.04.16(14) installed on 750-331",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.04.16(14) installed on 750-829",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.04.16(14) installed on 750-831/xxx-xxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21006",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.09.25(16) installed on 750-852",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.09.25(16) installed on 750-881",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.25(16) installed on 750-882",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.07.25(16) installed on 750-885/xxx-xxx",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.03.25(16) installed on 750-889",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.08.25(16) installed on 750-880/xxx-xxx",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.05.04(10) installed on 750-823",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.02.16(06) installed on 750-332",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.02.16(06) installed on 750-832/xxx-xxx",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.05.04(10) installed on 750-862",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.05.04(10) installed on 750-890/xxx-xxx",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.05.04(10) installed on 750-891",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=01.05.04(10) installed on 750-893",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21008",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=03.10.08(22) installed on PFC200",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21009",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 installed on 750-823",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 after BACnet Certification installed on 750-332",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 after BACnet Certification installed on 750-832/xxx-xxx",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 installed on 750-862",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 installed on 750-890/xxx-xxx",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 installed on 750-891",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW11 installed on 750-893",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-829",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-852",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-880/xxx-xxx",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-881",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-882",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-885/xxx-xxx",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware FW17 installed on 750-889",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31804",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "description",
"text": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-31804"
},
{
"cve": "CVE-2022-31803",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-31803"
},
{
"cve": "CVE-2022-31802",
"cwe": {
"id": "CWE-187",
"name": "Partial String Comparison"
},
"notes": [
{
"category": "description",
"text": "In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-31802"
},
{
"cve": "CVE-2022-31806",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "description",
"text": "In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-31806"
},
{
"cve": "CVE-2022-31805",
"cwe": {
"id": "CWE-523",
"name": "Unprotected Transport of Credentials"
},
"notes": [
{
"category": "description",
"text": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-31805"
},
{
"cve": "CVE-2022-32143",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "description",
"text": "In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32143"
},
{
"cve": "CVE-2022-32142",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Multiple CODESYS Products are prone to a out-of bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32142"
},
{
"cve": "CVE-2022-32141",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32141"
},
{
"cve": "CVE-2022-32140",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32140"
},
{
"cve": "CVE-2022-32139",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32139"
},
{
"cve": "CVE-2022-32138",
"cwe": {
"id": "CWE-194",
"name": "Unexpected Sign Extension"
},
"notes": [
{
"category": "description",
"text": "In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016"
]
}
],
"title": "CVE-2022-32138"
},
{
"cve": "CVE-2022-32137",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32137"
},
{
"cve": "CVE-2022-32136",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "description",
"text": "In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-32136"
},
{
"cve": "CVE-2022-1965",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For vulnerabilities CVE-2022-1965, CVE-2022-32136, CVE-2022-32137, CVE-2022-32138, CVE-2022-32139, CVE-2022-32140, CVE-2022-32141, CVE-2022-32142, CVE-2022-32143 (CODESYS Advisory 2022-11):\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n- Setting strong passwords\n- Use e!Runtime or CODESYS V3\n\nFor vulnerabilities CVE-2022-31805, CVE-2022-31806 (CODESYS Advisory 2022-12):\n\n- Activation of online user management, to prevent unallowed actions from unauthorized attackers\n\n- Use encryption of online communication whenever possible, this protects password transmission.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "WAGO recommends that all affected users with WAGO I/O-PRO/CODESYS 2.3 PLCs update to the firmware and use the latest version of WAGO I/O-Pro as soon as it is available.\nUntil the updates are available, we recommend switching off the CODESYS IP port 2455 after commissioning or, if this not possible, use a strong admin password.\n\n### PFC200 Family\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-8202/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8203/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8204/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8206/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8207/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8208/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8210/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8211/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8212/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8213/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8214/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8216/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-8217/xxx-xxx | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 4th Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-823 | UPDATE B: Available in Q1 2024 |\n| 750-332 | UPDATE B: Available in Q1 2024 |\n| 750-832/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-862 | UPDATE B: Available in Q1 2024 |\n| 750-890/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-891 | UPDATE B: Available in Q1 2024 |\n| 750-893 | UPDATE B: Available in Q1 2024 |\n\n### Ethernet Controller 3rd Generation Family \u2013 UPDATE B\n\n| Ord. No. | Firmware |\n|-----------------------|----------------------------------|\n| 750-331 | UPDATE B: Available in Q1 2024 |\n| 750-829 | UPDATE B: Available in Q1 2024 |\n| 750-831/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-852 | UPDATE B: Available in Q1 2024 |\n| 750-880/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-881 | UPDATE B: Available in Q1 2024 |\n| 750-882 | UPDATE B: Available in Q1 2024 |\n| 750-885/xxx-xxx | UPDATE B: Available in Q1 2024 |\n| 750-889 | UPDATE B: Available in Q1 2024 |\n\n### Engineering Software\n\n| Name | Firmware |\n|------------------|----------------------------------|\n| WAGO-I/O-PRO 32 | UPDATE B: Available in Q1 2024 |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017"
]
}
],
"title": "CVE-2022-1965"
}
]
}
GSD-2022-31804
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-31804",
"description": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.",
"id": "GSD-2022-31804"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-31804"
],
"details": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.",
"id": "GSD-2022-31804",
"modified": "2023-12-13T01:19:17.949527Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-09T08:02:00.000Z",
"ID": "CVE-2022-31804",
"STATE": "PUBLIC",
"TITLE": "CODESYS Gateway server prone to denial of service attack due to excessive memory allocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CODESYS Gateway Server V2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V2.3.9.38"
}
]
}
}
]
},
"vendor_name": "CODESYS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789: Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.3.9.38",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2022-31804"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download=",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-07-01T13:35Z",
"publishedDate": "2022-06-24T08:15Z"
}
}
}
GHSA-QHGM-4R4G-J663
Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01
VLAI?
Details
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-31804"
],
"database_specific": {
"cwe_ids": [
"CWE-789"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-24T08:15:00Z",
"severity": "HIGH"
},
"details": "The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.",
"id": "GHSA-qhgm-4r4g-j663",
"modified": "2022-06-25T00:01:01Z",
"published": "2022-06-25T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31804"
},
{
"type": "WEB",
"url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17141\u0026token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66\u0026download="
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…