CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*

History

09 Jan 2024, 16:37

Type Values Removed Values Added
References () https://csirt.divd.nl/CVE-2022-3010 - () https://csirt.divd.nl/CVE-2022-3010 - Broken Link
References () https://csirt.divd.nl/DIVD-2022-00035 - () https://csirt.divd.nl/DIVD-2022-00035 - Broken Link
References () https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 - () https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:priva:top_control_suite:*:*:*:*:*:*:*:*
First Time Priva top Control Suite
Priva
CWE CWE-916

02 Jan 2024, 19:36

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-02 19:15

Updated : 2024-02-28 20:54


NVD link : CVE-2022-3010

Mitre link : CVE-2022-3010

CVE.ORG link : CVE-2022-3010


JSON object : View

Products Affected

priva

  • top_control_suite
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort

CWE-1391

Use of Weak Credentials