PT-2022-3403 · Unknown · Meridian Cooperative Utility

Brandon Roach

Published

2022-06-24

Updated

2022-07-06

CVE-2022-29578

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Meridian Cooperative Utility Software versions 22.02 and 22.03

Description The issue is related to inadequate access control in the Meridian Cooperative Utility Software, allowing remote attackers to obtain sensitive user information, including name, address, and daily energy usage.

Recommendations For Meridian Cooperative Utility Software versions 22.02 and 22.03, update to a version that addresses the access control issue to prevent remote attackers from obtaining sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287

Related Identifiers

BDU:2022-04177

CVE-2022-29578

Affected Products

Meridian Cooperative Utility

PT-2022-3403 · Unknown · Meridian Cooperative Utility

CVE-2022-29578

Weakness Enumeration

Related Identifiers

Affected Products

References · 6