exploitDog

CVE-2022-3010

Опубликовано: 02 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.

Ссылки

https://csirt.divd.nl/CVE-2022-3010
Broken Link
https://csirt.divd.nl/DIVD-2022-00035
Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01
Third Party Advisory
US Government Resource
https://csirt.divd.nl/CVE-2022-3010
Broken Link
https://csirt.divd.nl/DIVD-2022-00035
Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*

Версия до 8.7.8.0 (включая)

EPSS

Процентиль: 32%

0.00126

Низкий

7.5 High

CVSS3

Дефекты

CWE-1391

CWE-916

Связанные уязвимости

GHSA-x5gw-mqgf-fwh3

CVSS3: 7.5

github

около 2 лет назад

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.

EPSS

Процентиль: 32%

0.00126

Низкий

7.5 High

CVSS3

Дефекты

CWE-1391

CWE-916