CVE-2022-3010
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Priva | TopControl Suite - Bacnet | All versions prior to 8.7.8.0 < 8.7.8.0 | affected |
| Priva | TopControl Suite - Blue ID | All versions prior to 8.7.8.0 < 8.7.8.0 | affected |
| Priva | TopControl Suite - Compass | All versions prior to 8.7.8.0 < 8.7.8.0 | affected |
| Priva | TopControl Suite - Connect | All versions prior to 8.7.8.0 < 8.7.8.0 | affected |
| Priva | TopControl Suite - TPC | All versions prior to 8.7.8.0 < 8.7.8.0 | affected |
Weaknesses
- CWE-1391: CWE-1391 Use of Weak Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://csirt.divd.nl/CVE-2022-3010
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01
- https://csirt.divd.nl/DIVD-2022-00035
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://csirt.divd.nl/CVE-2022-3010
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01
- https://csirt.divd.nl/DIVD-2022-00035
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.