Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-061/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
27 Mar 2023, 16:14
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2022-061/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:o:varta:element_s4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:varta:element_s3:-:*:*:*:*:*:*:* cpe:2.3:o:varta:element_backup_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:varta:element_s1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:varta:element_s3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:varta:element_s2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:varta:one_xl_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:varta:one_l:-:*:*:*:*:*:*:* cpe:2.3:h:varta:element_s2:-:*:*:*:*:*:*:* cpe:2.3:h:varta:element_backup:-:*:*:*:*:*:*:* cpe:2.3:h:varta:pulse:-:*:*:*:*:*:*:* cpe:2.3:h:varta:element_s4:-:*:*:*:*:*:*:* cpe:2.3:h:varta:element_s1:-:*:*:*:*:*:*:* cpe:2.3:o:varta:one_l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:varta:pulse_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:varta:one_xl:-:*:*:*:*:*:*:* |
|
First Time |
Varta element Backup Firmware
Varta pulse Varta element S2 Varta one Xl Varta element S1 Firmware Varta element S4 Firmware Varta element S3 Firmware Varta element S2 Firmware Varta Varta element S4 Varta one L Varta element S1 Varta one Xl Firmware Varta pulse Firmware Varta one L Firmware Varta element Backup Varta element S3 |
23 Mar 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-23 06:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-22512
Mitre link : CVE-2022-22512
CVE.ORG link : CVE-2022-22512
JSON object : View
Products Affected
varta
- element_s1_firmware
- element_s2_firmware
- element_s1
- one_xl
- element_s2
- element_s3_firmware
- one_l
- element_s4
- one_l_firmware
- pulse_firmware
- pulse
- element_backup
- element_backup_firmware
- element_s4_firmware
- one_xl_firmware
- element_s3
CWE
CWE-798
Use of Hard-coded Credentials