ID

VAR-202302-0891


CVE

CVE-2022-3089


TITLE

Use of Hardcoded Credentials Vulnerability in EnOcean SmartServer

Trust: 0.8

sources: JVNDB: JVNDB-2023-001214

DESCRIPTION

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. SmartServer, provided by EnOcean, contains the following vulnerability: use of hard-coded credentials (CWE-798), CVE-2022-3089. Authentication information for the product may be leaked. EnOcean SmartServer

Trust: 1.71

sources: NVD: CVE-2022-3089 // JVNDB: JVNDB-2023-001214 // VULMON: CVE-2022-3089

AFFECTED PRODUCTS

vendor: echelon // model: i.lon vision // scope: eq // version: 2.2

Trust: 1.0

vendor: enocean // model: smartserver // scope: - // version: -

Trust: 0.8

vendor: enocean // model: smartserver // scope: eq // version: v2.2 sr8/sp8 (4.12.006)

Trust: 0.8

vendor: enocean // model: smartserver // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001214 // NVD: CVE-2022-3089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-3089
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-3089
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-3089
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-959
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-3089
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-3089
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-3089
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001214 // CNNVD: CNNVD-202302-959 // NVD: CVE-2022-3089 // NVD: CVE-2022-3089

PROBLEMTYPE DATA

problemtype: CWE-312

Trust: 1.0

problemtype: CWE-798

Trust: 1.0

problemtype: Use of hard-coded credentials (CWE-798) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001214 // NVD: CVE-2022-3089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-959

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-959

PATCH

title: SmartServer IoT Release Notes (Login required) EnOcean // url: https://id.atlassian.com/login?application=confluence&continue=https%3A%2F%2Fenoceanwiki.atlassian.net%2Fwiki%2Fspaces%2FDrftSSIoT%2Fpages%2F1475410%2FSmartServer%2BIoT%2BRelease%2BNotes

Trust: 0.8

title: Echelon i.LON SmartServer Repair measures for trust management problem vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226737

Trust: 0.6

sources: JVNDB: JVNDB-2023-001214 // CNNVD: CNNVD-202302-959

EXTERNAL IDS

db: NVD // id: CVE-2022-3089

Trust: 3.3

db: ICS CERT // id: ICSA-23-037-01

Trust: 2.5

db: JVN // id: JVNVU99994755

Trust: 0.8

db: JVNDB // id: JVNDB-2023-001214

Trust: 0.8

db: CNNVD // id: CNNVD-202302-959

Trust: 0.6

db: VULMON // id: CVE-2022-3089

Trust: 0.1

sources: VULMON: CVE-2022-3089 // JVNDB: JVNDB-2023-001214 // CNNVD: CNNVD-202302-959 // NVD: CVE-2022-3089

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-037-01

Trust: 2.5

url:https://jvn.jp/vu/jvnvu99994755/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-3089

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-3089/

Trust: 0.6

sources: VULMON: CVE-2022-3089 // JVNDB: JVNDB-2023-001214 // CNNVD: CNNVD-202302-959 // NVD: CVE-2022-3089

SOURCES

db: VULMON // id: CVE-2022-3089
db: JVNDB // id: JVNDB-2023-001214
db: CNNVD // id: CNNVD-202302-959
db: NVD // id: CVE-2022-3089

LAST UPDATE DATE

2024-08-14T14:30:44.780000+00:00


SOURCES UPDATE DATE

db: JVNDB // id: JVNDB-2023-001214 // date: 2024-06-12T03:20:00
db: CNNVD // id: CNNVD-202302-959 // date: 2023-02-27T00:00:00
db: NVD // id: CVE-2022-3089 // date: 2023-11-07T03:50:46.437

SOURCES RELEASE DATE

db: JVNDB // id: JVNDB-2023-001214 // date: 2023-02-09T00:00:00
db: CNNVD // id: CNNVD-202302-959 // date: 2023-02-13T00:00:00
db: NVD // id: CVE-2022-3089 // date: 2023-02-13T17:15:10.763