HIGH🇵🇱 Wersja polska

CVE-2022-2640

CVSS 7.5v3.1pub. 2022-12-02upd. 2024-11-21

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Hornerautomation Rcc972

    HW
    Hornerautomation
    wszystkie wersje
  • Hornerautomation Rcc972 Firmware

    OS
    Hornerautomation
    15.40
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-2641CRITICAL9.8ten sam produkt

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could ...

CVE-2022-2642HIGH7.5ten sam produkt

Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to ...

CVE-2023-7206HIGH7.8ten sam vendor

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerabil...

CVE-2023-28653HIGH7.8ten sam vendor

The affected application lacks proper validation of user-supplied data when parsing project f...

CVE-2023-27916HIGH7.8ten sam vendor

The affected application lacks proper validation of user-supplied data when parsing font files ...