← Volver a CVEs
CVE-2022-3089
MEDIUM6.3
Descripcion
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.
Detalles CVE
Puntuacion CVSS v3.16.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado2/13/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
echelon:i.lon_visionechelon:smartserver
Debilidades (CWE)
CWE-798CWE-312
Referencias
https://www.cisa.gov/uscert/ics/advisories/icsa-23-037-01(ics-cert@hq.dhs.gov)
https://www.cisa.gov/uscert/ics/advisories/icsa-23-037-01(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.