CVE-2022-31806

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

Published: Jun 24, 2022
Updated: May 4, 2025
CVE: CVE-2022-31806
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-1188

Affected Software
References

Software	From	Fixed in
codesys / runtime_toolkit	-	2.4.7.57
codesys / plcwinnt	-	2.4.7.57

https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download=

Vulnerability Database

289,697

CVE-2022-31806