Lucene search

PRIOn knowledge basePRION:CVE-2022-3738

HistoryJan 19, 2023 - 12:15 p.m.

Information disclosure

2023-01-1912:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

information disclosure

remote attacker

backup file

sensitive information

credentials

cryptographic material

valid user

backup creation

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull.

CPENameOperatorVersion
cc100_firmwarege16
cc100_firmwarele22
edge_controller_firmwarege16
edge_controller_firmwarele22
pfc100_firmwarege16
pfc100_firmwarele22
pfc200_firmwarege16
pfc200_firmwarele22
touch_panel_600_advanced_firmwarege16
touch_panel_600_advanced_firmwarele22

Name	Operator	Version
cc100_firmware	ge	16
cc100_firmware	le	22
edge_controller_firmware	ge	16
edge_controller_firmware	le	22
pfc100_firmware	ge	16
pfc100_firmware	le	22
pfc200_firmware	ge	16
pfc200_firmware	le	22
touch_panel_600_advanced_firmware	ge	16
touch_panel_600_advanced_firmware	le	22

Rows per page:

1-10 of 141

References

cert.vde.com/en/advisories/VDE-2022-054/