exploitDog

CVE-2022-41629

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 7.5

CVSS3: 9.1

EPSS Низкий

Описание

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07
Patch
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*

Версия до 00.00.02a (исключая)

EPSS

Процентиль: 49%

0.00261

Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-6rjf-jv9r-jj4v

CVSS3: 9.1

github

больше 2 лет назад

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as UserListInfo.xml, which would allow them to see existing administrative passwords.

EPSS

Процентиль: 49%

0.00261

Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-306