CVE-2022-3372

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
INCIBECNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
riello-upsnetman_204_firmware
02.05
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/cross-site-request-forgery-csrf-riello-ups-netman-204