CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
0.4%
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Vendor | Product | Version | CPE |
---|---|---|---|
iconics | genesis32 | * | cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:* |
iconics | genesis32 | 8.05 | cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:* |
iconics | genesis32 | 9.0 | cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:* |
iconics | genesis32 | 9.1 | cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:* |
iconics | genesis32 | 9.01 | cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:* |
iconics | genesis32 | 9.2 | cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:* |
iconics | genesis32 | 9.13 | cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:* |
iconics | genesis32 | 9.20 | cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:* |
iconics | genesis32 | 9.21 | cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:* |
iconics | bizviz | * | cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:* |