cvelistv5 - cve-2022-31805

▼	URL	Tags
	info@cert.vde.com	https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=	Vendor Advisory

▼	Vendor	Product
	CODESYS	CODESYS Development System
	CODESYS	CODESYS Gateway Client
	CODESYS	CODESYS Gateway Server
	CODESYS	CODESYS Web server
	CODESYS	CODESYS SP Realtime NT
	CODESYS	CODESYS PLCWinNT
	CODESYS	CODESYS Runtime Toolkit 32 bit full
	CODESYS	CODESYS Edge Gateway for Windows
	CODESYS	CODESYS HMI (SL)
	CODESYS	CODESYS OPC DA Server SL
	CODESYS	CODESYS PLCHandler
	CODESYS	CODESYS Gateway

wid-sec-w-2023-0825

Vulnerability from csaf_certbund

Published

2023-04-02 22:00

Modified

2023-04-02 22:00

Summary

ABB AC-500: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die ABB AC-500 ist eine speicherprogrammierbare Steuerung (SPS).

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ABB AC-500 ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Dateien zu manipulieren.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die ABB AC-500 ist eine speicherprogrammierbare Steuerung (SPS).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ABB AC-500 ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0825 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0825.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0825 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0825"
      },
      {
        "category": "external",
        "summary": "ABB Security Advisory vom 2023-04-02",
        "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
      }
    ],
    "source_lang": "en-US",
    "title": "ABB AC-500: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-02T22:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:21:39.810+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-0825",
      "initial_release_date": "2023-04-02T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-02T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "ABB AC-500 \u003c 2.8.6",
            "product": {
              "name": "ABB AC-500 \u003c 2.8.6",
              "product_id": "T027047",
              "product_identification_helper": {
                "cpe": "cpe:/h:abb:ac-500:2.8.6"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-32143",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32143"
    },
    {
      "cve": "CVE-2022-32142",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32142"
    },
    {
      "cve": "CVE-2022-32141",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32141"
    },
    {
      "cve": "CVE-2022-32140",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32140"
    },
    {
      "cve": "CVE-2022-32139",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32139"
    },
    {
      "cve": "CVE-2022-32138",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32138"
    },
    {
      "cve": "CVE-2022-32137",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32137"
    },
    {
      "cve": "CVE-2022-32136",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-32136"
    },
    {
      "cve": "CVE-2022-3192",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-3192"
    },
    {
      "cve": "CVE-2022-31805",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-31805"
    },
    {
      "cve": "CVE-2022-1965",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2022-1965"
    },
    {
      "cve": "CVE-2021-34595",
      "notes": [
        {
          "category": "description",
          "text": "In ABB AC-500 existieren mehrere Schwachstellen. Diese sind auf einen Out-of-Bounds-Lesefehler, Fehler beim Error-Handling, einer unzureichend verschl\u00fcsselten Kommunikation, Speicherfehler sowie Fehler in Funktionen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
        }
      ],
      "release_date": "2023-04-02T22:00:00Z",
      "title": "CVE-2021-34595"
    }
  ]
}

ghsa-q837-53gv-8r7r

Vulnerability from github

Published

2022-06-25 00:01

Modified

2022-06-25 00:01

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-31805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-523"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T08:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.",
  "id": "GHSA-q837-53gv-8r7r",
  "modified": "2022-06-25T00:01:01Z",
  "published": "2022-06-25T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31805"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-202206-1953

Vulnerability from variot

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1953",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "1.1.9.23"
      },
      {
        "model": "edge gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.30"
      },
      {
        "model": "plcwinnt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "2.4.7.57"
      },
      {
        "model": "development system",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "2.3.9.69"
      },
      {
        "model": "opc server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.30"
      },
      {
        "model": "plchandler",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.30"
      },
      {
        "model": "sp realtime nt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "2.3.7.30"
      },
      {
        "model": "runtime toolkit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "2.4.7.57"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "2.3.9.38"
      },
      {
        "model": "hmi sl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "codesys",
        "version": "3.5.18.30"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.7.57",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.7.57",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:sp_realtime_nt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.7.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.9.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.9.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.9.69",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      }
    ]
  },
  "cve": "CVE-2022-31805",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-423674",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-31805",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-31805",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "info@cert.vde.com",
            "id": "CVE-2022-31805",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-2454",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-423674",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-31805",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-31805"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-31805",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-423674",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-31805",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "id": "VAR-202206-1953",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:42:03.540000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CODESYS Development System Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=199005"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ic3sw0rd/codesys_v2_vulnerability "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-523",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-31805/"
      },
      {
        "trust": 0.1,
        "url": "https://customers.codesys.com/index.php?eid=dumpfile\u0026amp;t=f\u0026amp;f=17140\u0026amp;token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026amp;download="
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/523.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/ic3sw0rd/codesys_v2_vulnerability"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "date": "2022-06-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "date": "2022-06-24T08:15:07.590000",
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "date": "2022-06-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-423674"
      },
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-31805"
      },
      {
        "date": "2023-05-09T13:15:15.160000",
        "db": "NVD",
        "id": "CVE-2022-31805"
      },
      {
        "date": "2022-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CODESYS Development System Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-2454"
      }
    ],
    "trust": 0.6
  }
}

gsd-2022-31805

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.

Aliases

CVE-2022-31805

Aliases

CVE-2022-31805

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-31805",
    "description": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.",
    "id": "GSD-2022-31805"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-31805"
      ],
      "details": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\n\n",
      "id": "GSD-2022-31805",
      "modified": "2023-12-13T01:19:18.066897Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "info@cert.vde.com",
        "ID": "CVE-2022-31805",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CODESYS Development System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V2",
                          "version_value": "V2.3.9.69"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "V3",
                          "version_value": "V3.5.18.30"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Gateway Client",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V2",
                          "version_value": "V2.3.9.38"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Gateway Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V2",
                          "version_value": "V2.3.9.38"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Web server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V1",
                          "version_value": " V1.1.9.23"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS SP Realtime NT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V2",
                          "version_value": "V2.3.7.30"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS PLCWinNT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V2",
                          "version_value": "V2.4.7.57"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Runtime Toolkit 32 bit full",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V2",
                          "version_value": "V2.4.7.57"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Edge Gateway for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V3",
                          "version_value": "V3.5.18.30"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS HMI (SL)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V3",
                          "version_value": "V3.5.18.30"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS OPC DA Server SL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V3",
                          "version_value": "V3.5.18.30"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS PLCHandler",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V3",
                          "version_value": "V3.5.18.30"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CODESYS Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "V3",
                          "version_value": "V3.5.18.30"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "CODESYS"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-523",
                "lang": "eng",
                "value": "CWE-523 Unprotected Transport of Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
            "refsource": "MISC",
            "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
          }
        ]
      },
      "source": {
        "defect": [
          "CERT@VDE#",
          "64140"
        ],
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:codesys:runtime_toolkit:*:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.7.57",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:plcwinnt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.7.57",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:plchandler:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:opc_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:hmi_sl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.18.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:sp_realtime_nt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.7.30",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.9.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.9.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.9.69",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "ID": "CVE-2022-31805"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-523"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download=",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-05-09T13:15Z",
      "publishedDate": "2022-06-24T08:15Z"
    }
  }
}

Action not permitted

cve-2022-31805

Vulnerability from cvelistv5

wid-sec-w-2023-0825

Vulnerability from csaf_certbund

ghsa-q837-53gv-8r7r

Vulnerability from github

var-202206-1953

Vulnerability from variot

gsd-2022-31805

Vulnerability from gsd

Tags