Observable Response Discrepancy

CVE-2022-1989

Medium

5.3/10

Summary

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-204 - Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

References

Advisory Timeline

Published Aug 23, 2022

Observable Response Discrepancy

CVE-2022-1989

Summary

CWE-204 - Observable Response Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS