Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 | Patch Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
Summary | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. |
28 Dec 2022, 18:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 - Patch, Third Party Advisory, US Government Resource | |
First Time |
Dataprobe iboot-pdu8sa-n15
Dataprobe iboot-pdu8sa-2n15 Dataprobe Dataprobe iboot-pdu8a-2n20 Firmware Dataprobe iboot-pdu8a-n20 Firmware Dataprobe iboot-pdu4-n20 Firmware Dataprobe iboot-pdu4sa-n20 Firmware Dataprobe iboot-pdu4a-n15 Firmware Dataprobe iboot-pdu8a-n15 Firmware Dataprobe iboot-pdu8a-2n15 Dataprobe iboot-pdu4sa-n15 Firmware Dataprobe iboot-pdu8a-2n15 Firmware Dataprobe iboot-pdu8a-2n20 Dataprobe iboot-pdu4a-n15 Dataprobe iboot-pdu4sa-n20 Dataprobe iboot-pdu8a-n15 Dataprobe iboot-pdu4-n20 Dataprobe iboot-pdu4a-n20 Dataprobe iboot-pdu4sa-n15 Dataprobe iboot-pdu8sa-n20 Firmware Dataprobe iboot-pdu8sa-n15 Firmware Dataprobe iboot-pdu4a-n20 Firmware Dataprobe iboot-pdu8a-n20 Dataprobe iboot-pdu8sa-n20 Dataprobe iboot-pdu8sa-2n15 Firmware |
|
CPE | cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:* cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:* |
21 Dec 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-21 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3187
Mitre link : CVE-2022-3187
CVE.ORG link : CVE-2022-3187
JSON object : View
Products Affected
dataprobe
- iboot-pdu4a-n15_firmware
- iboot-pdu8sa-2n15
- iboot-pdu8a-n20
- iboot-pdu4a-n20_firmware
- iboot-pdu8sa-n20
- iboot-pdu8sa-2n15_firmware
- iboot-pdu8a-2n15_firmware
- iboot-pdu4-n20_firmware
- iboot-pdu4sa-n15
- iboot-pdu4a-n20
- iboot-pdu8sa-n15_firmware
- iboot-pdu8sa-n15
- iboot-pdu8a-n20_firmware
- iboot-pdu4a-n15
- iboot-pdu4sa-n15_firmware
- iboot-pdu8a-2n20_firmware
- iboot-pdu4sa-n20_firmware
- iboot-pdu8a-n15
- iboot-pdu4sa-n20
- iboot-pdu8a-n15_firmware
- iboot-pdu8a-2n15
- iboot-pdu8a-2n20
- iboot-pdu4-n20
- iboot-pdu8sa-n20_firmware
CWE
CWE-285
Improper Authorization