8.7
CVE-2024-45862
- EPSS 0.25%
- Veröffentlicht 19.09.2024 16:15:05
- Zuletzt bearbeitet 30.09.2024 19:33:30
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginCleartext Storage of Sensitive Information in Kastle Systems Access Control System
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kastle ≫ Access Control System Firmware Version < 2024-05-01
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.159 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05