PT-2022-24384 · Daikin · Daikin Svmpc1+1
Chizuru Toyama
·
Published
2022-12-13
·
Updated
2023-07-21
·
CVE-2022-38355
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Daikin SVMPC1 versions 2.1.22 and prior
Daikin SVMPC2 versions 1.2.3 and prior
Description
The issue allows attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.
Recommendations
For Daikin SVMPC1 versions 2.1.22 and prior, update to a version later than 2.1.22 to resolve the issue.
For Daikin SVMPC2 versions 1.2.3 and prior, update to a version later than 1.2.3 to resolve the issue.
As a temporary workaround, consider restricting access to the LAN to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Daikin Svmpc1
Daikin Svmpc2