OpenCVE

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hornerautomation	Rcc972 Rcc972 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hornerautomation:rcc972_firmware:15.40:*:*:*:*:*:*:*

cpe:2.3:h:hornerautomation:rcc972:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-12-12T01:49:10.008967Z

Updated: 2024-09-17T02:05:41.381Z

Reserved: 2022-08-03T00:00:00

Link: CVE-2022-2641

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-02T20:15:13.513

Modified: 2022-12-06T12:33:17.203

Link: CVE-2022-2641

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hornerautomation:rcc972_firmware:15.40:*:*:*:*:*:*:*", "matchCriteriaId": "ED633A76-0083-4FCB-8FF3-D0AF4CC58768", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hornerautomation:rcc972:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FF8A08F-B51C-419A-A74D-02F636C19DA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Horner Automation\u2019s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition."}, {"lang": "es", "value": "El RCC 972 de Horner Automation con la versi\u00f3n de firmware 15.40 tiene una clave de cifrado est\u00e1tica en el dispositivo. Esto podr\u00eda permitir que un atacante realice cambios no autorizados en el dispositivo, ejecute c\u00f3digo arbitrario de forma remota o provoque una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."}], "id": "CVE-2022-2641", "lastModified": "2022-12-06T12:33:17.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-12-02T20:15:13.513", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}