CVE-2022-4621 - Vulnerability Details - OpenCVE

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are
vulnerable to CSRFs that can be exploited to allow an attacker to
perform changes with administrator level privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00124.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Panasonic	Vcc-hd2100p Vcc-hd2100p Firmware Vcc-hd3100p Vcc-hd3100p Firmware Vcc-hd3300 Vcc-hd3300 Firmware Vcc-hd3300p Vcc-hd3300p Firmware Vcc-hd5600p Vcc-hd5600p Firmware

Configuration 1 [-]

AND

cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:::::::*
	cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:::::::*

cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*

cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://archives.connect.panasonic.com/security/sanyo/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-17T16:36:58.518Z

Updated: 2025-01-16T22:01:13.339Z

Reserved: 2022-12-20T20:32:16.035Z

Link: CVE-2022-4621

Vulnrichment

Updated: 2024-08-03T01:48:39.080Z

NVD

Status : Modified

Published: 2023-01-17T17:15:11.730

Modified: 2024-11-21T07:35:36.750

Link: CVE-2022-4621

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4621", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-12-20T20:32:16.035Z", "datePublished": "2023-01-17T16:36:58.518Z", "dateUpdated": "2025-01-16T22:01:13.339Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sanyo CCTV Network Camera", "vendor": "Panasonic", "versions": [{"status": "affected", "version": "VCC-HD5600P version 2.03-06 "}, {"status": "affected", "version": "VDC-HD3300P version 2.03-08 "}, {"status": "affected", "version": "VDC-HD3300P version 1.02-05 "}, {"status": "affected", "version": "VCC-HD3300 version 2.03-02 "}, {"status": "affected", "version": "VDC-HD3100P version 2.03-00 "}, {"status": "affected", "version": "VCC-HD2100P version 2.03-02 "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gjoko Krstic of Zero Science Lab"}], "datePublic": "2023-01-12T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nPanasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n<p></p>"}], "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-17T16:36:58.518Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Panasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://archives.connect.panasonic.com/security/sanyo/index.html\">advisory</a><span style=\"background-color: rgb(255, 255, 255);\">. All repair requests and other support requests via email or phone will be available.</span>\n\n<br>"}], "value": "\nPanasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this advisory https://archives.connect.panasonic.com/security/sanyo/index.html . All repair requests and other support requests via email or phone will be available.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Panasonic Sanyo CCTV Network Camera", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.080Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04", "tags": ["x_transferred"]}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:57:19.648173Z", "id": "CVE-2022-4621", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T22:01:13.339Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04", "tags": ["x_transferred"]}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.080Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4621", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-16T20:57:19.648173Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:57:21.032Z"}}], "cna": {"title": "Panasonic Sanyo CCTV Network Camera", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Panasonic", "product": "Sanyo CCTV Network Camera", "versions": [{"status": "affected", "version": "VCC-HD5600P version 2.03-06 "}, {"status": "affected", "version": "VDC-HD3300P version 2.03-08 "}, {"status": "affected", "version": "VDC-HD3300P version 1.02-05 "}, {"status": "affected", "version": "VCC-HD3300 version 2.03-02 "}, {"status": "affected", "version": "VDC-HD3100P version 2.03-00 "}, {"status": "affected", "version": "VCC-HD2100P version 2.03-02 "}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nPanasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this advisory https://archives.connect.panasonic.com/security/sanyo/index.html . All repair requests and other support requests via email or phone will be available.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Panasonic has stated that Sanyo Electric Camera Systems are no longer in production and released this </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://archives.connect.panasonic.com/security/sanyo/index.html\">advisory</a><span style=\"background-color: rgb(255, 255, 255);\">. All repair requests and other support requests via email or phone will be available.</span>\n\n<br>", "base64": false}]}], "datePublic": "2023-01-12T16:30:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}, {"url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\nPanasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-17T16:36:58.518Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4621", "state": "PUBLISHED", "dateUpdated": "2025-01-16T22:01:13.339Z", "dateReserved": "2022-12-20T20:32:16.035Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-01-17T16:36:58.518Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd5600p_firmware:2.03-06:*:*:*:*:*:*:*", "matchCriteriaId": "6092D5A0-D160-419D-9331-474596BDC352", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd5600p:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEEE23B6-A8AF-4DFE-8DA4-7F1D8866204E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3300p_firmware:1.02-05:*:*:*:*:*:*:*", "matchCriteriaId": "4FACF605-7033-4B1A-9BEA-EB73FAC16701", "vulnerable": true}, {"criteria": "cpe:2.3:o:panasonic:vcc-hd3300p_firmware:2.03-08:*:*:*:*:*:*:*", "matchCriteriaId": "5D068E9E-EF01-4054-A3E5-DEB3D2F88483", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3300p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47AC573-A35B-4643-A768-6BA516FFC915", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3300_firmware:2.03-02:*:*:*:*:*:*:*", "matchCriteriaId": "0C8B7EDD-1958-4502-84EA-40AA4D6A7EFB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F45BFB2-D9FE-4E19-A93C-C527B249421A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd2100p_firmware:2.03-02:*:*:*:*:*:*:*", "matchCriteriaId": "175E7140-7D6E-4875-97D1-76F89F0DD0BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd2100p:-:*:*:*:*:*:*:*", "matchCriteriaId": "58EB1D22-E611-4C6D-9208-82E5BD18C4E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:vcc-hd3100p_firmware:2.03-00:*:*:*:*:*:*:*", "matchCriteriaId": "348D6672-A6C5-4C69-B1A6-BC4B8DD3D2C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:vcc-hd3100p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7FEAB1E-2A1F-45F8-B317-CBBE242FFD03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are \nvulnerable to CSRFs that can be exploited to allow an attacker to \nperform changes with administrator level privileges. \n\n\n\n"}, {"lang": "es", "value": "Las c\u00e1maras de red Panasonic Sanyo CCTV en las versiones 1.02-05 y 2.03-0x son vulnerables a CSRF que pueden explotarse permitiendo que un atacante realice cambios con privilegios de nivel de administrador."}], "id": "CVE-2022-4621", "lastModified": "2024-11-21T07:35:36.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-17T17:15:11.730", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://archives.connect.panasonic.com/security/sanyo/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}