TalosVULNRICHMENT:CVE-2022-40691CVE-2022-40691
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
71.2%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
ADP Affected
[
{
"cpes": [
"cpe:2.3:o:moxa:sds-3008_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "moxa",
"product": "sds-3008_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.1"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:moxa:sds-3008-t_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "moxa",
"product": "sds-3008-t_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "2.1"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
71.2%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial