CVE-2022-31803
MEDIUMCODESYS Gateway Server 2.0-2.3.9.38 - Unauthenticated Denial of Service via TCP Connection Exhaustion
Title source: llmDescription
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17141&token=17867e35cfd30c77ba0137f9a17b3a557a4b7b66&download=
Scores
CVSS v3
5.3
EPSS
0.0103
EPSS Percentile
59.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (1)
codesys/gateway
2.0 - 2.3.9.38
Published
Jun 24, 2022
Tracked Since
Feb 18, 2026