CVE-2022-21798 Vulnerability Details

  /     /     /  

CVE-2022-21798 Metadata Quick Info

CVE Published: 25/02/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: icscert | Vendor: General Electric | Product: Proficy CIMPLICITY
Status : PUBLISHED

---

CVE-2022-21798 Description

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-319
CWE Name: CWE-319 Cleartext Transmission of Sensitive Information
Source: General Electric

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).