Lucene search
HistoryMar 23, 2023 - 6:15 a.m.
CVE-2022-22512
cve-2022-22512
varta storage
hard-coded credentials
web-ui
unauthorized access
administrative access
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.2%
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.
Affected configurations
Node
vartaelement_backup_firmwareRange<f21000400
vartaelement_backupMatch-
Node
vartaelement_s1_firmwareRange<2e.3.8.0
vartaelement_s1Match-
Node
vartaelement_s2_firmwareRange<2e.3.8.0
vartaelement_s2Match-
Node
vartaelement_s3_firmwareRange<2e.3.8.0
ORvartaelement_s3_firmwareRange2e.4.0.0–2e.4.4.0
vartaelement_s3Match-
Node
vartaelement_s4_firmwareRange<d21010400
vartaelement_s4Match-
Node
vartaone_l_firmwareRange<2e.3.8.0
vartaone_lMatch-
Node
vartaone_xl_firmwareRange<2e.3.8.0
vartaone_xlMatch-
Node
vartapulse_firmwareRange<c21010800
vartapulseMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| varta:element_backup_firmware | varta element backup firmware | lt | f21000400 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Element backup",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "F21000400",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Element S1",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "2e.3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Element S2",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "2e.3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Element S2",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "2e.3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Element S3",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "2e.3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Element S3",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "2e.4.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Element S4",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "D21010400",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "One L/XL",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "2e.3.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pulse (not pulse neo)",
"vendor": "VARTA Storage",
"versions": [
{
"lessThan": "C21010800",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
Related
prion
prion
Hardcoded credentials
2023-03-23 06:15:00
cvelist
cvelist
CVE-2022-22512 VARTA: Multiple devices prone to hard-coded credentials
2023-03-23 05:32:16
nvd
nvd
CVE-2022-22512
2023-03-23 06:15:12
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.2%
Related for CVE-2022-22512