PT-2022-19881 · Unknown · Automation 360

Published: 2022-04-29 · Updated: 2022-05-11 · CVE-2022-29856

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Automation360 version 22

Description: A hardcoded cryptographic key in the software allows an attacker to decrypt exported RPA packages.

Recommendations: For Automation360 version 22, consider removing or regenerating the hardcoded cryptographic key to prevent unauthorized decryption of exported RPA packages. As a temporary workaround, restrict access to exported RPA packages until a patch is available.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2022-29856

Affected Products

Automation 360