CVE-2022-3089
Last Updated: April 8, 2024
CVE ID: CVE-2022-3089
Publication Date: 2023-02-13
Severity: Medium
Vulnerability Summary
The affected product stores credentials in cleartext in a file, which could allow an attacker to obtain the SmartServer's usernames and passwords.
Affected Systems
Vendor: EnOcean Edge Inc.
Product & Version: EnOcean SmartServer: v2.2 SR8/SP8 (4.12.006) with i.LON Vision v2.2 SR8/SP8 (4.12.006)
Technical Details
An attacker who obtains the credentials file can use the cleartext credentials in it to control the web user interface and the file transfer protocol (FTP) server.
Remediation
Fixed in: SmartServer 3.5 Update 2 (v3.52.003)
Credits
The vulnerability was identified by Chizuru Toyama of TXOne Networks.
Questions About This Advisory?
Our PSIRT team is here to help with security-related inquiries.
psirt@txone.com