CVE-2022-2967

Summary

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.

Affected Software

VendorProductVersion RangeStatus
Prosys OPCUA Simulation Server0 < 5.3.0-64affected
Prosys OPCUA Modbus Server0 <= 1.4.18-5affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

Workarounds

Prosys also recommends additional workarounds to mitigate exploitation of this vulnerability:

  • Restart the application after modifying user passwords.

For more information, users can refer to the Prosys OPC security blog https://www.prosysopc.com/blog/#Security .

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References