CVE-2022-2569
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ARC Informatique | PcVue 12 OAuth web service configuration | All < 12.0.27 | affected |
| ARC Informatique | PcVue 15 OAuth web service configuration | All | affected |
Weaknesses
- CWE-312: CWE-312 Cleartext Storage of Sensitive Information
Workarounds
ARC Informatique has identified additional steps users can apply to reduce the risk:
Uninstall the Web Server All users not using the affected component should uninstall the web server. The OAuth web service and its configuration are part of the Web Server for PcVue. If the system does not require Web & Mobile features, then users should not install them. Users should contact ARC Informatique’s PcVue Solutions for assistance with the above steps.
For additional information, visit the public ARC Informatique security alert page. PcVue 15 does not have a fix released yet, but is in the works.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.