CVE-2022-3091

RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-02	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:ronds:equipment_predictive_maintenance:1.19.5:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-17 17:15

Updated : 2024-11-21 07:18

NVD link : CVE-2022-3091

Mitre link : CVE-2022-3091

CVE.ORG link : CVE-2022-3091

JSON object : View

Products Affected

ronds

equipment_predictive_maintenance

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2022-3091", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-17T17:15:11.620", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "RONDS EPM version 1.19.5 has a vulnerability in which a function could \nallow unauthenticated users to leak credentials. In some circumstances, \nan attacker can exploit this vulnerability to execute operating system \n(OS) commands. \n\n\n\n"}, {"lang": "es", "value": "RONDS EPM versi\u00f3n 1.19.5 tiene una vulnerabilidad en la que una funci\u00f3n podr\u00eda permitir que usuarios no autenticados filtren credenciales. En algunas circunstancias, un atacante puede aprovechar esta vulnerabilidad para ejecutar comandos del sistema operativo (SO)."}], "lastModified": "2024-11-21T07:18:48.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ronds:equipment_predictive_maintenance:1.19.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E989C2F6-A2EA-4CD9-B058-07164859F438"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}