CVE-2022-1794 - OpenCVE

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Codesys	Opc Da Server

Configuration 1 [-]

AND

cpe:2.3:a:codesys:opc_da_server:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download=	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-07-06T00:00:00

Updated: 2022-07-11T10:40:27

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-1794

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-11T11:15:08.047

Modified: 2023-06-27T15:56:43.407

Link: CVE-2022-1794

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "CODESYS OPC DA Server", "vendor": "CODESYS", "versions": [{"lessThanOrEqual": "V3.5.18.20", "status": "affected", "version": "V3", "versionType": "custom"}]}], "datePublic": "2022-07-06T00:00:00", "descriptions": [{"lang": "en", "value": "The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "CWE-256 Unprotected Storage of Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-11T10:40:27", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download="}], "source": {"discovery": "UNKNOWN"}, "title": "Plaintext Storage of a password in CODESYS V3 OPC DA Server", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-07-06T13:08:00.000Z", "ID": "CVE-2022-1794", "STATE": "PUBLIC", "TITLE": "Plaintext Storage of a password in CODESYS V3 OPC DA Server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CODESYS OPC DA Server", "version": {"version_data": [{"version_affected": "<=", "version_name": "V3", "version_value": "V3.5.18.20"}]}}]}, "vendor_name": "CODESYS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-256 Unprotected Storage of Credentials"}]}]}, "references": {"reference_data": [{"name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download="}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-1794", "datePublished": "2022-07-06T00:00:00", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2022-07-11T10:40:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codesys:opc_da_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0953E5C4-8A18-4AF7-A0AD-4A4DB3BCAEFE", "versionEndExcluding": "3.5.18.20", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system."}, {"lang": "es", "value": "El CODESYS OPC DA Server versiones anteriores a V3.5.18.20, almacena las contrase\u00f1as del PLC como texto plano en su archivo de configuraci\u00f3n, de modo que es visible para todos los usuarios autorizados de Microsoft Windows del sistema"}], "id": "CVE-2022-1794", "lastModified": "2023-06-27T15:56:43.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-07-11T11:15:08.047", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download="}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-256"}], "source": "info@cert.vde.com", "type": "Secondary"}]}