VYPR
Unrated severityNVD Advisory· Published Jun 24, 2022· Updated Sep 17, 2024

Partial string comparison in CODESYS gateway server

CVE-2022-31802

Description

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.