PT-2022-2758 · Unknown · Wiser Controller Eer21000+2

Published

2022-05-10

Updated

2022-06-13

CVE-2022-30237

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions Wiser Smart versions prior to 4.5 Wiser Controller EER21000 versions prior to 4.5 Wiser Controller EER21001 versions prior to 4.5

Description The issue is related to the lack of encryption measures for sensitive data. This could allow a remote attacker to recover authentication credentials by breaking the encoding.

Recommendations For Wiser Smart versions prior to 4.5, update to a version later than 4.5 to resolve the issue. For Wiser Controller EER21000 versions prior to 4.5, update to a version later than 4.5 to resolve the issue. For Wiser Controller EER21001 versions prior to 4.5, update to a version later than 4.5 to resolve the issue.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

BDU:2022-03277

CVE-2022-30237

Affected Products

Wiser Controller Eer21000

Wiser Controller Eer21001

Wiser Smart

PT-2022-2758 · Unknown · Wiser Controller Eer21000+2

CVE-2022-30237

Weakness Enumeration

Related Identifiers

Affected Products

References · 7