In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-050/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
Summary | In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device. |
Information
Published : 2022-12-12 12:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-3485
Mitre link : CVE-2022-3485
CVE.ORG link : CVE-2022-3485
JSON object : View
Products Affected
ifm
- moneo_qha210
- moneo_qha200
- moneo_qha200_firmware
- moneo_qha210_firmware
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password