{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3187", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-09-12T20:22:59.954Z", "datePublished": "2022-12-21T22:29:36.679Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "iBoot-PDU FW", "vendor": "Dataprobe", "versions": [{"lessThanOrEqual": "1.42.06162022", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Uri Katz"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Claroty Research"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">where c</span><span style=\"background-color: rgb(255, 255, 255);\">ertain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. </span>\n\n</p>"}], "value": "Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability\u00a0where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. \n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-21T22:29:36.679Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Dataprobe has released the following version update to mitigate these vulnerabilities:</p><ul><li>iBoot-PDU FW: <a target=\"_blank\" rel=\"nofollow\" href=\"https://dataprobe.com/support-iboot-pdu/\">Version 1.42.06162022</a></li></ul><p>Dataprobe also recommends users to disable the SNMP if it is not in use. </p>\n\n<br>"}], "value": "\nDataprobe has released the following version update to mitigate these vulnerabilities:\n\n * iBoot-PDU FW: Version 1.42.06162022 https://dataprobe.com/support-iboot-pdu/ \n\n\nDataprobe also recommends users to disable the SNMP if it is not in use. \n\n\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05060302-F6DE-4EAF-9356-8CD785ABDE7D", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "936B8451-A674-49D7-91EC-A03599A6D6AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D2071B9-BF2C-4A12-BA35-32BB59E210DB", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "1469E464-6784-4B0B-9895-79BA5A1A1CB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "166422E2-0734-4F7E-B2FE-0EB461AFDD32", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "82C1859A-0D39-4D69-B89F-E6AB92D71A38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4sa-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80159239-E373-4399-AF14-5FC3B1F7BFBF", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4sa-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "A017B904-A3C4-4070-96F7-9679FD2383C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu4a-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCCC5B8-ED6E-4FCA-BA07-4D2AA1D26F50", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu4a-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "23BC31CA-2061-4141-8600-EF4A9AE7DD2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D43D904E-6B72-44B4-A158-D6A7C30504A3", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1A43409-AF18-4BD5-A0D4-D27CDD6ABBE6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB35A114-99E7-44C6-B53B-B293AA9D9815", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "56E2CAAD-8A4D-4F1A-AEF0-034C02965935", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-2n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C37DFE8A-F733-48D3-8BF6-ECC98A476C54", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-2n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACA11FBB-1B4C-4F66-89EF-2D91C0161C4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n15_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAD2CA81-44E6-4499-9F5C-502F060A3B8F", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n15:-:*:*:*:*:*:*:*", "matchCriteriaId": "58CE9F4A-74BD-4AFC-B019-5D750E2D1E16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8sa-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E012434-72F0-4BD6-ACA4-DF7E12FB9033", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8sa-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "B64FEC33-D6D9-4F4C-BE43-31D637E6B01F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F08FCBA2-94B8-44F9-921F-0CDD03D7903A", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B1D3E7F-9C2F-48F8-BF49-539570A0986A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dataprobe:iboot-pdu8a-2n20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3577400F-ADC8-4EBF-AFEE-DE165391BE12", "versionEndExcluding": "1.42.06162022", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dataprobe:iboot-pdu8a-2n20:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DFC4885-AF94-471E-AE4E-DD26A6A91667", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability\u00a0where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets. \n\n\n\n"}, {"lang": "es", "value": "Las versiones de FW de Dataprobe iBoot-PDU anteriores a 1.42.06162022 contienen una vulnerabilidad donde ciertas p\u00e1ginas PHP solo se validan cuando se establece una conexi\u00f3n v\u00e1lida con la base de datos. Sin embargo, estas p\u00e1ginas PHP no verifican la validez de un usuario. Los atacantes podr\u00edan aprovechar esta falta de verificaci\u00f3n para leer el estado de los puntos de venta."}], "id": "CVE-2022-3187", "lastModified": "2023-11-07T03:50:57.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-12-21T23:15:09.787", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}