Lucene search

IcscertCVE-2022-4312

HistoryDec 12, 2022 - 6:15 p.m.

CVE-2022-4312

2022-12-1218:15:13

CWE-312

CWE-522

icscert

web.nvd.nist.gov

cve-2022-4312

cleartext storage

pcvue

vulnerability

unauthorized access

sms

smtp

sim card

exploitation

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.8%

JSON

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could
allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files
to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.
Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email
account and SIM card.

Affected configurations

Nvd

Node

arcinformatiquepcvueRange8.10–15.2.3

VendorProductVersionCPE
arcinformatiquepcvue*cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arcinformatique	pcvue	*	cpe:2.3:a:arcinformatique:pcvue::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PcVue",
    "vendor": "ARC Informatique",
    "versions": [
      {
        "lessThanOrEqual": "15.2.3",
        "status": "affected",
        "version": "8.10",
        "versionType": "custom"
      }
    ]
  }
]

References

www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

12.8%

JSON

Related for CVE-2022-4312