CVE-2024-3742 - OpenCVE

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-04-18T22:15:35.521Z

Updated: 2024-08-01T20:20:00.923Z

Reserved: 2024-04-12T19:46:39.173Z

Link: CVE-2024-3742

Vulnrichment

Updated: 2024-08-01T20:20:00.923Z

NVD

Status : Awaiting Analysis

Published: 2024-04-18T23:15:07.650

Modified: 2024-05-28T17:15:11.450

Link: CVE-2024-3742

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3742", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-04-12T19:46:39.173Z", "datePublished": "2024-04-18T22:15:35.521Z", "dateUpdated": "2024-08-01T20:20:00.923Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Compact DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}]}, {"defaultStatus": "unaffected", "product": "Medium DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}]}, {"defaultStatus": "unaffected", "product": "High Power DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "2.5kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "5kW"}]}, {"defaultStatus": "unaffected", "product": "Compact FM Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "Compact FM Transmitter"}, {"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}]}, {"defaultStatus": "unaffected", "product": "Modular FM Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}]}, {"defaultStatus": "unaffected", "product": "Digital FM Transmitter", "vendor": "Electrolink", "versions": [{"lessThanOrEqual": "40kW", "status": "affected", "version": "15W", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VHF TV Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}]}, {"defaultStatus": "unaffected", "product": "UHF TV Transmitter", "vendor": "Electrolink", "versions": [{"lessThanOrEqual": "5kW", "status": "affected", "version": "10W", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system."}], "value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:52:22.524Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "source": {"advisory": "ICSA-24-107-02", "discovery": "EXTERNAL"}, "title": "Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"}], "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T15:38:32.607032Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "2kW, 1kW, 500W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "digital fm transmitter", "versions": [{"status": "affected", "version": "15W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "vhf tv transmitter", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}, {"status": "affected", "version": "10W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "5kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "2.5kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:02.128Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.923Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.923Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T15:38:32.607032Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "2kW, 1kW, 500W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "digital fm transmitter", "versions": [{"status": "affected", "version": "15W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "vhf tv transmitter", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}, {"status": "affected", "version": "10W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "5kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "2.5kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-07T15:45:47.250Z"}}], "cna": {"title": "Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information", "source": {"advisory": "ICSA-24-107-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Electrolink", "product": "Compact DAB Transmitter", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Medium DAB Transmitter", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "High Power DAB Transmitter", "versions": [{"status": "affected", "version": "2.5kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "5kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Compact FM Transmitter", "versions": [{"status": "affected", "version": "Compact FM Transmitter"}, {"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Modular FM Transmitter", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Digital FM Transmitter", "versions": [{"status": "affected", "version": "15W", "versionType": "custom", "lessThanOrEqual": "40kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "VHF TV Transmitter", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "UHF TV Transmitter", "versions": [{"status": "affected", "version": "10W", "versionType": "custom", "lessThanOrEqual": "5kW"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "workarounds": [{"lang": "en", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.", "supportingMedia": [{"type": "text/html", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.", "supportingMedia": [{"type": "text/html", "value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:52:22.524Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3742", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:00.923Z", "dateReserved": "2024-04-12T19:46:39.173Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-04-18T22:15:35.521Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system."}, {"lang": "es", "value": "Los transmisores Electrolink almacenan las credenciales en texto claro. El uso de estas credenciales podr\u00eda permitir que un atacante acceda al sistema."}], "id": "CVE-2024-3742", "lastModified": "2024-05-28T17:15:11.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-04-18T23:15:07.650", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}