Vulnerability Details : CVE-2022-38355
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior allow attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2022-38355
- cpe:2.3:a:daikinlatam:svmpc2:*:*:*:*:*:*:*:*
- cpe:2.3:a:daikinlatam:svmpc1:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-38355
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~11% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-38355
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | ICS-CERT | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2022-38355
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: ics-cert@hq.dhs.gov (Secondary)
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-38355
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02 (Daikin Holdings Singapore | CISA): Third Party Advisory; US Government Resource