// For flags

CVE-2022-2967

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.

La versión del servidor de simulación Prosys OPC UA anterior a la v5.3.0-64 y las versiones del UA Modbus Server 1.4.18-5 y anteriores no protegen suficientemente las credenciales, lo que podría permitir a un atacante obtener credenciales de usuario y acceder a los datos del sistema.

*Credits: Parvin Kumar, Dr. Sriharsha Etigowni, and Prof. Dongyan Xu of Purdue University West Lafayette reported this vulnerability to CISA.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-23 CVE Reserved
  • 2023-01-03 CVE Published
  • 2024-07-26 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Prosysopc
Search vendor "Prosysopc"
Ua Modbus Server
Search vendor "Prosysopc" for product "Ua Modbus Server"
< 1.4.20
Search vendor "Prosysopc" for product "Ua Modbus Server" and version " < 1.4.20"
-
Affected
Prosysopc
Search vendor "Prosysopc"
Ua Simulation Server
Search vendor "Prosysopc" for product "Ua Simulation Server"
< 5.4.0
Search vendor "Prosysopc" for product "Ua Simulation Server" and version " < 5.4.0"
-
Affected