Lucene search

IcscertCVELIST:CVE-2022-38355

HistoryDec 13, 2022 - 9:12 p.m.

CVE-2022-38355

2022-12-1321:12:06

CWE-284

icscert

www.cve.org

daikin

svmpc1

svmpc2

vulnerability

lan

sensitive information disclosure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

Percentile

10.6%

JSON

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to

attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SVMPC1 ",
    "vendor": "Daikin",
    "versions": [
      {
        "lessThanOrEqual": "2.1.22",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SVMPC2",
    "vendor": "Daikin",
    "versions": [
      {
        "lessThanOrEqual": "1.2.3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-284-02

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

Percentile

10.6%

JSON

Related for CVELIST:CVE-2022-38355