CVE-2022-1794

MEDIUM

CODESYS OPC DA Server <V3.5.18.20 - Info Disclosure

Title source: llm

Description

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

References (1)

[Vendor Advisory] https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17129&token=1c1485c4a700c04f2069699f5be7558d276ca117&download=

Scores

CVSS v3 5.5

EPSS 0.0011

EPSS Percentile 29.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-256

Status published

Affected Products (1)

codesys/opc_da_server < 3.5.18.20

Timeline

Published Jul 11, 2022

Tracked Since Feb 18, 2026