CVE-2022-22512

Summary

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

Affected Software

VendorProductVersion RangeStatus
VARTA StorageElement backup0 < F21000400affected
VARTA StorageElement S10 < 2e.3.8.0affected
VARTA StorageElement S20 < 2e.3.8.0affected
VARTA StorageElement S20 < 2e.3.8.0affected
VARTA StorageElement S30 < 2e.3.8.0affected
VARTA StorageElement S30 < 2e.4.4.0affected
VARTA StorageElement S40 < D21010400affected
VARTA StorageOne L/XL0 < 2e.3.8.0affected
VARTA StoragePulse (not pulse neo)0 < C21010800affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References