Lucene search

[email protected]CVE-2022-3187

HistoryDec 21, 2022 - 11:15 p.m.

CVE-2022-3187

2022-12-2123:15:09

CWE-285

[email protected]

web.nvd.nist.gov

cve-2022-3187

dataprobe

iboot-pdu

firmware

vulnerability

php

database

security

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.6%

JSON

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.

Affected configurations

NVD

Node

dataprobeiboot-pdu4-n20_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu4-n20Match-

Node

dataprobeiboot-pdu4sa-n15_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu4sa-n15Match-

Node

dataprobeiboot-pdu4a-n15_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu4a-n15Match-

Node

dataprobeiboot-pdu4sa-n20_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu4sa-n20Match-

Node

dataprobeiboot-pdu4a-n20_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu4a-n20Match-

Node

dataprobeiboot-pdu8sa-n15_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8sa-n15Match-

Node

dataprobeiboot-pdu8a-n15_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8a-n15Match-

Node

dataprobeiboot-pdu8sa-2n15_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8sa-2n15Match-

Node

dataprobeiboot-pdu8a-2n15_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8a-2n15Match-

Node

dataprobeiboot-pdu8sa-n20_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8sa-n20Match-

Node

dataprobeiboot-pdu8a-n20_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8a-n20Match-

Node

dataprobeiboot-pdu8a-2n20_firmwareRange<1.42.06162022

AND

dataprobeiboot-pdu8a-2n20Match-

CPENameOperatorVersion
dataprobe:iboot-pdu4-n20_firmwaredataprobe iboot-pdu4-n20 firmwarelt1.42.06162022

CPE	Name	Operator	Version
dataprobe:iboot-pdu4-n20_firmware	dataprobe iboot-pdu4-n20 firmware	lt	1.42.06162022

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "iBoot-PDU FW",
    "vendor": "Dataprobe",
    "versions": [
      {
        "lessThanOrEqual": "1.42.06162022",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-263-03

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.6%

JSON

Related for CVE-2022-3187

prion1 cvelist1 nvd1 ics1