CVE-2022-3186

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerabilitywhere theaffected product allows an attacker to access the devices main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
icscertCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
dataprobeiboot-pdu4-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-2n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2n20_firmware
𝑥
< 1.42.06162022
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03