Sign-up

ID

VAR-202204-0228


CVE

CVE-2022-27179


TITLE

Red Lion Controls, Inc.  of  da50n  Insufficient Credential Protection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-008524

DESCRIPTION

A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. Red Lion Controls, Inc. of da50n A firmware vulnerability related to insufficient protection of credentials exists.Information may be obtained

Trust: 2.25

sources: NVD: CVE-2022-27179 // JVNDB: JVNDB-2022-008524 // CNVD: CNVD-2022-65326 // VULMON: CVE-2022-27179

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-65326

AFFECTED PRODUCTS

vendor:redlionmodel:da50nscope:eqversion: -

Trust: 1.0

vendor:red lion controlsmodel:da50nscope: - version: -

Trust: 0.8

vendor:red lion controlsmodel:da50nscope:eqversion: -

Trust: 0.8

vendor:red lion controlsmodel:da50nscope:eqversion:da50n firmware

Trust: 0.8

vendor:redmodel:lion da50nscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-65326 // JVNDB: JVNDB-2022-008524 // NVD: CVE-2022-27179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27179
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-27179
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-27179
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-65326
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-3428
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-27179
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-27179
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-65326
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-27179
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-27179
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-27179
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-65326 // VULMON: CVE-2022-27179 // JVNDB: JVNDB-2022-008524 // CNNVD: CNNVD-202204-3428 // NVD: CVE-2022-27179 // NVD: CVE-2022-27179

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008524 // NVD: CVE-2022-27179

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3428

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3428

EXTERNAL IDS

db:NVDid:CVE-2022-27179

Trust: 3.9

db:ICS CERTid:ICSA-22-104-03

Trust: 3.1

db:JVNid:JVNVU92503855

Trust: 0.8

db:JVNDBid:JVNDB-2022-008524

Trust: 0.8

db:CNVDid:CNVD-2022-65326

Trust: 0.6

db:AUSCERTid:ESB-2022.1716

Trust: 0.6

db:CS-HELPid:SB2022041904

Trust: 0.6

db:CNNVDid:CNNVD-202204-3428

Trust: 0.6

db:VULMONid:CVE-2022-27179

Trust: 0.1

sources: CNVD: CNVD-2022-65326 // VULMON: CVE-2022-27179 // JVNDB: JVNDB-2022-008524 // CNNVD: CNNVD-202204-3428 // NVD: CVE-2022-27179

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Trust: 2.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03

Trust: 1.2

url:https://jvn.jp/vu/jvnvu92503855/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-27179

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-27179/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041904

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1716

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-65326 // VULMON: CVE-2022-27179 // JVNDB: JVNDB-2022-008524 // CNNVD: CNNVD-202204-3428 // NVD: CVE-2022-27179

CREDITS

Ron Brash of aDolus Technology Inc. reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-3428

SOURCES

db:CNVDid:CNVD-2022-65326
db:VULMONid:CVE-2022-27179
db:JVNDBid:JVNDB-2022-008524
db:CNNVDid:CNNVD-202204-3428
db:NVDid:CVE-2022-27179

LAST UPDATE DATE

2024-11-23T22:29:02.010000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-65326date:2022-09-23T00:00:00
db:VULMONid:CVE-2022-27179date:2022-04-28T00:00:00
db:JVNDBid:JVNDB-2022-008524date:2023-07-27T08:18:00
db:CNNVDid:CNNVD-202204-3428date:2022-04-29T00:00:00
db:NVDid:CVE-2022-27179date:2024-11-21T06:55:21.277

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-65326date:2022-09-23T00:00:00
db:VULMONid:CVE-2022-27179date:2022-04-20T00:00:00
db:JVNDBid:JVNDB-2022-008524date:2023-07-27T00:00:00
db:CNNVDid:CNNVD-202204-3428date:2022-04-14T00:00:00
db:NVDid:CVE-2022-27179date:2022-04-20T16:15:08.660