exploitDog

CVE-2022-2640

Опубликовано: 02 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02
Patch
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hornerautomation:rcc972_firmware:15.40:*:*:*:*:*:*:*

cpe:2.3:h:hornerautomation:rcc972:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00059

Низкий

7.5 High

CVSS3

Дефекты

CWE-326

Связанные уязвимости

GHSA-g2g3-6rcc-6c9q

CVSS3: 7.5

github

больше 2 лет назад

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

EPSS

Процентиль: 18%

0.00059

Низкий

7.5 High

CVSS3

Дефекты

CWE-326