CVE-2022-3186

EUVD-2022-42603
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
icscertCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
dataprobeiboot-pdu4-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-2n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2n20_firmware
𝑥
< 1.42.06162022
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03