CVE-2022-1794
Plaintext Storage of a password in CODESYS V3 OPC DA Server
Severity Score: 5.5 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Descriptions
The CODESYS OPC DA Server prior to V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.
*Credits:
N/A
Timeline
- 2022-05-18 CVE Reserved
- 2022-07-11 CVE Published
- 2024-02-01 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-256: Plaintext Storage of a Password
- CWE-522: Insufficiently Protected Credentials
Affected Vendors, Products, and Versions
 | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|
 | Codesys | Opc Da Server | >= 3.0.0 < 3.5.18.20 | - | Affected |
in | Microsoft | Windows | - | - | Safe |