Multiple vulnerabilities in FESTO CODESYS Gateway Server V2
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-31802 CVE-2022-31803 CVE-2022-31804 |
| CWE-ID | CWE-187 CWE-400 CWE-789 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
CODESYS Gateway Server V2 Server applications / Other server solutions |
| Vendor | Festo |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Partial String Comparison
EUVDB-ID: #VU112094
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-31802
CWE-ID:
CWE-187 - Partial String Comparison
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to only part of the specified password is being compared to the real CODESYS Gateway password. A remote attacker can specify a small password that matches the corresponding part of the longer real CODESYS Gateway password and perform authentication on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Gateway Server V2: before 2.3.9.38
CPE2.3 External linkshttps://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU112095
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-31803
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Gateway Server V2: before 2.3.9.38
CPE2.3 External linkshttps://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Uncontrolled Memory Allocation
EUVDB-ID: #VU112096
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-31804
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected application does not verify the size of a request is within expected limits. A remote attacker can cause a denial of service (DoS) condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCODESYS Gateway Server V2: before 2.3.9.38
CPE2.3 External linkshttps://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
