CVE-2022-3187
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.
Las versiones de FW de Dataprobe iBoot-PDU anteriores a 1.42.06162022 contienen una vulnerabilidad donde ciertas páginas PHP solo se validan cuando se establece una conexión válida con la base de datos. Sin embargo, estas páginas PHP no verifican la validez de un usuario. Los atacantes podrían aprovechar esta falta de verificación para leer el estado de los puntos de venta.
*Credits:
Uri Katz, Claroty Research
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-12 CVE Reserved
- 2022-12-21 CVE Published
- 2024-07-13 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu4-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4-n20 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu4-n20 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu4-n20 Search vendor "Dataprobe" for product "Iboot-pdu4-n20" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu4sa-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4sa-n15 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n15 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu4sa-n15 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n15" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu4a-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4a-n15 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu4a-n15 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu4a-n15 Search vendor "Dataprobe" for product "Iboot-pdu4a-n15" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu4sa-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4sa-n20 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n20 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu4sa-n20 Search vendor "Dataprobe" for product "Iboot-pdu4sa-n20" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu4a-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu4a-n20 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu4a-n20 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu4a-n20 Search vendor "Dataprobe" for product "Iboot-pdu4a-n20" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8sa-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-n15 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n15 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8sa-n15 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n15" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-n15 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8a-n15 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-n15 Search vendor "Dataprobe" for product "Iboot-pdu8a-n15" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8sa-2n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-2n15 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8sa-2n15 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8sa-2n15 Search vendor "Dataprobe" for product "Iboot-pdu8sa-2n15" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-2n15 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-2n15 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n15 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-2n15 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n15" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8sa-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8sa-n20 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n20 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8sa-n20 Search vendor "Dataprobe" for product "Iboot-pdu8sa-n20" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-n20 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8a-n20 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-n20 Search vendor "Dataprobe" for product "Iboot-pdu8a-n20" | - | - |
Safe
|
| Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-2n20 Firmware Search vendor "Dataprobe" for product "Iboot-pdu8a-2n20 Firmware" | < 1.42.06162022 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n20 Firmware" and version " < 1.42.06162022" | - |
Affected
| in | Dataprobe Search vendor "Dataprobe" | Iboot-pdu8a-2n20 Search vendor "Dataprobe" for product "Iboot-pdu8a-2n20" | - | - |
Safe
|