CVE-2022-2641
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition.
El RCC 972 de Horner Automation con la versión de firmware 15.40 tiene una clave de cifrado estática en el dispositivo. Esto podría permitir que un atacante realice cambios no autorizados en el dispositivo, ejecute código arbitrario de forma remota o provoque una condición de Denegación de Servicio (DoS).
*Credits:
m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-03 CVE Reserved
- 2022-12-02 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02 | 2022-12-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hornerautomation Search vendor "Hornerautomation" | Rcc972 Firmware Search vendor "Hornerautomation" for product "Rcc972 Firmware" | 15.40 Search vendor "Hornerautomation" for product "Rcc972 Firmware" and version "15.40" | - |
Affected
| in | Hornerautomation Search vendor "Hornerautomation" | Rcc972 Search vendor "Hornerautomation" for product "Rcc972" | - | - |
Safe
|