CVE-2022-38355

Summary

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to

attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.

Affected Software

VendorProductVersion RangeStatus
DaikinSVMPC10 <= 2.1.22affected
DaikinSVMPC20 <= 1.2.3affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References