CVE-2022-31804
CVE-2022-31804 is a high-severity vulnerability in Codesys Gateway with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-789.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 5.0
- EPSS exploit prediction: 1% (59th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-789
- Affected product: Codesys Gateway
- Published:
- Last modified:
Description
The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
Frequently asked questions
- What is CVE-2022-31804?
- The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition.
- How severe is CVE-2022-31804?
- CVE-2022-31804 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2022-31804 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (59th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-31804?
- CVE-2022-31804 affects Codesys Gateway. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-31804?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2022-31804 published?
- CVE-2022-31804 was published on 2022-06-24 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*
More vulnerabilities in Codesys Gateway
- CVE-2022-31802 — Critical (CVSS 9.8): In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared…
- CVE-2019-9010 — Critical (CVSS 9.8): An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of…
- CVE-2022-30792 — High (CVSS 7.5): In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized…
- CVE-2022-30791 — High (CVSS 7.5): In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized…
- CVE-2022-31805 — High (CVSS 7.5): In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication…
- CVE-2022-22517 — High (CVSS 7.5): An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a…
All CVEs affecting Codesys Gateway →
Other CWE-789 vulnerabilities
- CVE-2021-34869 — High (CVSS 8.8): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop…
- CVE-2021-34868 — High (CVSS 8.8): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop…
- CVE-2024-20260 — High (CVSS 8.6): A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco…
- CVE-2021-34867 — High (CVSS 8.2): This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop…
- CVE-2026-20048 — High (CVSS 7.7): A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches…
- CVE-2026-55380 — High (CVSS 7.5): Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from…