CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
Configurations

Configuration 1 (hide)

cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://csirt.divd.nl/CVE-2022-3010 - Broken Link () https://csirt.divd.nl/CVE-2022-3010 - Broken Link
References () https://csirt.divd.nl/DIVD-2022-00035 - Broken Link () https://csirt.divd.nl/DIVD-2022-00035 - Broken Link
References () https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 - Third Party Advisory, US Government Resource

09 Jan 2024, 16:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*
First Time Priva top Control Suite
Priva
CWE CWE-916
References () https://csirt.divd.nl/CVE-2022-3010 - () https://csirt.divd.nl/CVE-2022-3010 - Broken Link
References () https://csirt.divd.nl/DIVD-2022-00035 - () https://csirt.divd.nl/DIVD-2022-00035 - Broken Link
References () https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 - Third Party Advisory, US Government Resource

02 Jan 2024, 19:36

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-02 19:15

Updated : 2024-11-21 07:18


NVD link : CVE-2022-3010

Mitre link : CVE-2022-3010

CVE.ORG link : CVE-2022-3010


JSON object : View

Products Affected

priva

  • top_control_suite
CWE
CWE-1391

Use of Weak Credentials

CWE-916

Use of Password Hash With Insufficient Computational Effort