CVE-2022-27179

EPSS 0.16%
Published 20.04.2022 16:15:08
Last modified 21.11.2024 06:55:21
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redlion ≫ Da50n Firmware Version-

Redlion ≫ Da50n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.381

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
ics-cert@hq.dhs.gov	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-27179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27179

EUVD