CVE-2022-1318

Name of the Vulnerable Software and Affected Versions Hills ComNav version 3002-19

Description The issue concerns a weak communication channel in the configuration pages of the system. Traffic across the local network can be viewed by a malicious actor, and the size of certain communications packets is predictable. This predictability allows an attacker to learn the state of the system even if the traffic is encrypted, such as with WPA2, since the packet sizes remain observable. The communication encryption scheme, although theoretically sound, does not provide the level of protection required.

Recommendations For Hills ComNav version 3002-19, consider implementing a more robust encryption scheme to protect the communication channel, and restrict access to the configuration pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.