CVE-2022-3089

EPSS 0.08%
Veröffentlicht 13.02.2023 17:15:10
Zuletzt bearbeitet 21.11.2024 07:18:48
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login





Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Echelon ≫ I.Lon Vision Version2.2

Echelon ≫ Smartserver Version2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	6.3	0.8	5.5	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.cisa.gov/uscert/ics/advisories/icsa-23-037-01

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-3089

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3089

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3089

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3089