9.8
CVE-2022-3485
- EPSS 0.8%
- Veröffentlicht 12.12.2022 12:15:10
- Zuletzt bearbeitet 21.11.2024 07:19:37
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginIn IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ifm ≫ Moneo Qha210 Firmware Version <= 1.9.3
Ifm ≫ Moneo Qha200 Firmware Version <= 1.9.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.8% | 0.734 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.