Lucene search

[email protected]NVD:CVE-2022-3485

HistoryDec 12, 2022 - 12:15 p.m.

CVE-2022-3485

2022-12-1212:15:10

CWE-640

[email protected]

web.nvd.nist.gov

ifm moneo appliance

vulnerability

unauthenticated

password reset

remote attacker

full control

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.7%

JSON

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

Affected configurations

Nvd

Node

ifmmoneo_qha210_firmwareRange≤1.9.3

AND

ifmmoneo_qha210Match-

Node

ifmmoneo_qha200_firmwareRange≤1.9.3

AND

ifmmoneo_qha200Match-

VendorProductVersionCPE
ifmmoneo_qha210_firmware*cpe:2.3:o:ifm:moneo_qha210_firmware:*:*:*:*:*:*:*:*
ifmmoneo_qha210-cpe:2.3:h:ifm:moneo_qha210:-:*:*:*:*:*:*:*
ifmmoneo_qha200_firmware*cpe:2.3:o:ifm:moneo_qha200_firmware:*:*:*:*:*:*:*:*
ifmmoneo_qha200-cpe:2.3:h:ifm:moneo_qha200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ifm	moneo_qha210_firmware	*	cpe:2.3:o:ifm:moneo_qha210_firmware::::::::
ifm	moneo_qha210	-	cpe:2.3:h:ifm:moneo_qha210:-:::::::*
ifm	moneo_qha200_firmware	*	cpe:2.3:o:ifm:moneo_qha200_firmware::::::::
ifm	moneo_qha200	-	cpe:2.3:h:ifm:moneo_qha200:-:::::::*

References

cert.vde.com/en/advisories/VDE-2022-050/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.7%

JSON

Related for NVD:CVE-2022-3485

prion1 cvelist1 cve1