PT-2023-13022 · Echelon · Echelon Smartserver, I.Lon Vision
Chizuru Toyama · Published 2023-02-13 · Updated 2023-02-25 · CVE-2022-3089
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Echelon SmartServer version 2.2 with i.LON Vision 2.2
Description
The issue allows an attacker to obtain cleartext usernames and passwords of the SmartServer by accessing a file that stores credentials in cleartext. If the attacker obtains the file, the credentials could be used to control the web user interface and file transfer protocol (FTP) server.
Recommendations
For Echelon SmartServer version 2.2 with i.LON Vision 2.2, consider restricting access to the file that stores cleartext credentials to minimize the risk of exploitation. As a temporary workaround, limit access to the web user interface and FTP server until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Cleartext Storage of Sensitive Information
Affected Products
Echelon Smartserver
I.Lon Vision