CVE-2022-22987
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Advantech | ADAM-3600 | ADAM-3600 <= 2.6.2 | affected |
Weaknesses
- CWE-321: CWE-321 Use of Hard-coded Cryptographic Key
Workarounds
Advantech is aware of the issue and is currently developing a solution. For more information, contact Advantech technical support.
Advantech recommends users add their own generated SSL private key.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.