CVE-2022-3010

Summary

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.

Affected Software

VendorProductVersion RangeStatus
PrivaTopControl Suite - BacnetAll versions prior to 8.7.8.0 < 8.7.8.0affected
PrivaTopControl Suite - Blue IDAll versions prior to 8.7.8.0 < 8.7.8.0affected
PrivaTopControl Suite - CompassAll versions prior to 8.7.8.0 < 8.7.8.0affected
PrivaTopControl Suite - ConnectAll versions prior to 8.7.8.0 < 8.7.8.0affected
PrivaTopControl Suite - TPCAll versions prior to 8.7.8.0 < 8.7.8.0affected

Weaknesses

  • CWE-1391: CWE-1391 Use of Weak Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References