CVE-2022-30018
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations.
Mobotix Control Center (MxCC) versiones hasta 2.5.4.5, presenta unas credenciales insuficientemente protegidas, almacenando las contraseñas en un formato recuperable por medio del archivo de configuración MxCC.ini. El método de almacenamiento de credenciales en este software permite a un atacante/usuario de la máquina conseguir acceso de administrador al software y conseguir acceso a las grabaciones/ubicaciones de grabación
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-02 CVE Reserved
- 2022-05-19 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/PurplePetrus/MxCC_Credential-Storage_issue/blob/main/MxCC_improper_credential_storage | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mobotix Search vendor "Mobotix" | Mxcontrolcenter Search vendor "Mobotix" for product "Mxcontrolcenter" | <= 2.5.4.5 Search vendor "Mobotix" for product "Mxcontrolcenter" and version " <= 2.5.4.5" | - |
Affected
| ||||||