Sign-up

ID

VAR-202204-0230


CVE

CVE-2022-1039


TITLE

Red Lion Controls, Inc.  of  da50n  Weak password requirement vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-008846

DESCRIPTION

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password. Red Lion Controls, Inc. of da50n A weak password requirement vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Red Lion DA50N has a security vulnerability that could allow an attacker to use the su command to escalate to root access

Trust: 2.25

sources: NVD: CVE-2022-1039 // JVNDB: JVNDB-2022-008846 // CNVD: CNVD-2022-65327 // VULMON: CVE-2022-1039

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-65327

AFFECTED PRODUCTS

vendor:redlionmodel:da50nscope:eqversion:*

Trust: 1.0

vendor:red lion controlsmodel:da50nscope: - version: -

Trust: 0.8

vendor:red lion controlsmodel:da50nscope:eqversion: -

Trust: 0.8

vendor:red lion controlsmodel:da50nscope:eqversion:da50n firmware

Trust: 0.8

vendor:redmodel:lion da50nscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-65327 // JVNDB: JVNDB-2022-008846 // NVD: CVE-2022-1039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-1039
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-1039
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-1039
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-65327
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-3429
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-1039
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-1039
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-65327
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-1039
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-1039
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-1039
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-65327 // VULMON: CVE-2022-1039 // JVNDB: JVNDB-2022-008846 // CNNVD: CNNVD-202204-3429 // NVD: CVE-2022-1039 // NVD: CVE-2022-1039

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.0

problemtype:Weak password request (CWE-521) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008846 // NVD: CVE-2022-1039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3429

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3429

EXTERNAL IDS

db:NVDid:CVE-2022-1039

Trust: 3.9

db:ICS CERTid:ICSA-22-104-03

Trust: 3.1

db:JVNid:JVNVU92503855

Trust: 0.8

db:JVNDBid:JVNDB-2022-008846

Trust: 0.8

db:CNVDid:CNVD-2022-65327

Trust: 0.6

db:AUSCERTid:ESB-2022.1716

Trust: 0.6

db:CS-HELPid:SB2022041904

Trust: 0.6

db:CNNVDid:CNNVD-202204-3429

Trust: 0.6

db:VULMONid:CVE-2022-1039

Trust: 0.1

sources: CNVD: CNVD-2022-65327 // VULMON: CVE-2022-1039 // JVNDB: JVNDB-2022-008846 // CNNVD: CNNVD-202204-3429 // NVD: CVE-2022-1039

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Trust: 2.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03

Trust: 1.2

url:https://jvn.jp/vu/jvnvu92503855/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-1039

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022041904

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1716

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-1039/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/521.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-65327 // VULMON: CVE-2022-1039 // JVNDB: JVNDB-2022-008846 // CNNVD: CNNVD-202204-3429 // NVD: CVE-2022-1039

CREDITS

Ron Brash of aDolus Technology Inc. reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-3429

SOURCES

db:CNVDid:CNVD-2022-65327
db:VULMONid:CVE-2022-1039
db:JVNDBid:JVNDB-2022-008846
db:CNNVDid:CNNVD-202204-3429
db:NVDid:CVE-2022-1039

LAST UPDATE DATE

2024-11-23T22:29:02.073000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-65327date:2022-09-23T00:00:00
db:VULMONid:CVE-2022-1039date:2022-05-04T00:00:00
db:JVNDBid:JVNDB-2022-008846date:2023-07-31T08:22:00
db:CNNVDid:CNNVD-202204-3429date:2022-05-05T00:00:00
db:NVDid:CVE-2022-1039date:2024-11-21T06:39:54.660

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-65327date:2022-09-23T00:00:00
db:VULMONid:CVE-2022-1039date:2022-04-20T00:00:00
db:JVNDBid:JVNDB-2022-008846date:2023-07-31T00:00:00
db:CNNVDid:CNNVD-202204-3429date:2022-04-14T00:00:00
db:NVDid:CVE-2022-1039date:2022-04-20T16:15:08.360