1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: FESTO
- Equipment: CODESYS
- Vulnerabilities: Partial String Comparison, Uncontrolled Resource Consumption, Memory Allocation with Excessive Size Value
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to block legitimate user connections, crash the application, or authenticate without proper credentials.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
FESTO reports that the following products are affected:
- FESTO CODESYS Gateway Server V2: All versions
- FESTO CODESYS Gateway Server V2: prior to V2.3.9.38
3.2 VULNERABILITY OVERVIEW
3.2.1 PARTIAL STRING COMPARISON CWE-187
In CODESYS Gateway Server V2 versions prior to V2.3.9.38, only part of the specified password is compared to the real CODESYS Gateway password. An attacker may authenticate by specifying a short password that matches the corresponding part of the longer real CODESYS Gateway password.
CVE-2022-31802 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
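The weakness class described above (CWE-187), shown as an added example that is not part of the original advisory and is not CODESYS code. It assumes one common way the flaw arises, a comparison whose length is taken from the client-supplied value; the function names and the sample password are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical functions illustrating CWE-187; NOT the CODESYS Gateway code. */

/* Flawed: the number of bytes compared comes from the client-supplied value,
 * so any prefix of the stored password, including "", is accepted. */
int check_password_partial(const char *stored, const char *supplied)
{
    return strncmp(stored, supplied, strlen(supplied)) == 0;
}

/* Corrected: lengths must be equal and every byte must match. Differences are
 * accumulated instead of returning at the first mismatching byte. */
int check_password_full(const char *stored, const char *supplied)
{
    size_t stored_len = strlen(stored);
    size_t supplied_len = strlen(supplied);
    unsigned char diff = (unsigned char)(stored_len != supplied_len);

    for (size_t i = 0; i < supplied_len; i++) {
        unsigned char s = (i < stored_len) ? (unsigned char)stored[i] : 0;
        diff |= (unsigned char)(s ^ (unsigned char)supplied[i]);
    }
    return diff == 0;
}

int main(void)
{
    const char *stored = "S3cure-Gateway-Pw";            /* constructed sample */
    const char *tries[] = { "S3cure-Gateway-Pw", "S3", "", "wrong" };

    /* Print how each check treats the full value, a prefix, "" and a miss. */
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-20s partial=%d full=%d\n", tries[i],
               check_password_partial(stored, tries[i]),
               check_password_full(stored, tries[i]));
    return 0;
}
```

A regression test for this class of bug should include a strict prefix of the configured password and the empty string, since both pass the flawed check and fail the corrected one.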
3.2.2 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODES
[…]