Lucene search

[email protected]CVE-2022-3089

HistoryFeb 13, 2023 - 5:15 p.m.

CVE-2022-3089

2023-02-1317:15:10

CWE-798

CWE-312

[email protected]

web.nvd.nist.gov

cve-2022-3089

echelon

smartserver

i.lon vision

cleartext credentials

attacker

file transfer protocol

ftp

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

Affected configurations

NVD

Node

echeloni.lon_visionMatch2.2

AND

echelonsmartserverMatch2.2

CPENameOperatorVersion
echelon:i.lon_visionechelon i.lon visioneq2.2

CPE	Name	Operator	Version
echelon:i.lon_vision	echelon i.lon vision	eq	2.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Smartserver",
    "vendor": "EnOcean",
    "versions": [
      {
        "status": "affected",
        "version": " v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006)"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-23-037-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2022-3089

ics1 cvelist1 prion1 nvd1