CVE-2022-38469
18.01.2023, 00:15
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ge | proficy_historian | 7.0 ≤ 𝑥 < 2023 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-261 - Weak Encoding for PasswordObscuring a password with a trivial encoding does not protect the password.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.