Ifm · Ifm Moneo Appliance · CVE-2022-3485
**Name of the Vulnerable Software and Affected Versions**
IFM Moneo Appliance versions up to 1.9.3
**Description**
An unauthenticated remote attacker can reset the administrator password by only supplying the serial number, thus gaining full control of the device.
**Recommendations**
For versions up to 1.9.3, as a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.