CVE-2022-4945

EUVD-2022-52198
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
icscertCNA
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
dataprobeiboot-pdu4-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-2n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2n15_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2n20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4-c20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-c10_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-c10_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-c10_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8sa-c10_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2c20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4sa-c20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu4a-c20_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-2c10_firmware
𝑥
< 1.42.06162022
dataprobeiboot-pdu8a-c20_firmware
𝑥
< 1.42.06162022
𝑥
= Vulnerable software versions
References
https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03
https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03