Описание
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
Уязвимые конфигурации
Конфигурация 1Версия от 2.0 (включая) до 2.3.9.38 (исключая)
cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.0053
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-187
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
EPSS
Процентиль: 67%
0.0053
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-187