Common Weakness Enumeration

CWE-256

Allowed

Plaintext Storage of a Password

Abstraction: Base · Status: Incomplete

The product stores a password in plaintext within resources such as memory or files.

398 vulnerabilities reference this CWE, most recent first.

CVE-2023-0457 (GCVE-0-2023-0457)

Vulnerability from cvelistv5 – Published: 2023-03-03 04:18 – Updated: 2025-03-05 20:02
VLAI
Title
Information Disclosure Vulnerability in MELSEC Series
Summary
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MR/DS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-80MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/D Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-64MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-96MT/DSS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MT/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-24MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-40MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-60MR/ES-A Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MR/ES Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-30MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-40MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-60MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-80MT/ESS Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R00CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R01CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R02CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R04CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R04ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120ENCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120SFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120PCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R08PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R16PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R32PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R120PSFCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDECPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q10UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q20UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q50UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q100UDEHCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q04UDPVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q06UDPVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q13UDPVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series Q26UDPVCPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-Q Series QJ71E71-100 Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L02CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L06CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L02CPU-P Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L06CPU-P Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-P Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-BT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series L26CPU-PBT Affected: all versions
Create a notification for this product.
Mitsubishi Electric Corporation MELSEC-L Series LJ71E71-100 Affected: all versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU93891523/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T20:02:13.840915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T20:02:32.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MR/DS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5U-80MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-64MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-96MT/D",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-64MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-96MT/DSS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MT/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-24MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-40MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5UJ-60MR/ES-A",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MR/ES",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-30MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-40MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-60MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5S-80MT/ESS",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5-ENET",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-F Series FX5-ENET/IP",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R00CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R01CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R04CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R04ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120ENCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120SFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120PCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R08PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R16PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R32PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R120PSFCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series RJ71EN71",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC iQ-R Series R12CCPU-V",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDECPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q10UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q20UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q50UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q100UDEHCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q03UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q04UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q06UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q13UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series Q26UDPVCPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-Q Series QJ71E71-100",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L02CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L06CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-P",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-BT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series L26CPU-PBT",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MELSEC-L Series LJ71E71-100",
          "vendor": "Mitsubishi Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server."
            }
          ],
          "value": "Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-21T04:21:45.500Z",
        "orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
        "shortName": "Mitsubishi"
      },
      "references": [
        {
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-023_en.pdf"
        },
        {
          "url": "https://jvn.jp/vu/JVNVU93891523/index.html"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-01"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Information Disclosure Vulnerability in MELSEC Series",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
    "assignerShortName": "Mitsubishi",
    "cveId": "CVE-2023-0457",
    "datePublished": "2023-03-03T04:18:15.787Z",
    "dateReserved": "2023-01-24T08:55:21.468Z",
    "dateUpdated": "2025-03-05T20:02:32.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-47561 (GCVE-0-2022-47561)

Vulnerability from cvelistv5 – Published: 2023-09-20 07:54 – Updated: 2024-09-24 18:06 Unsupported When Assigned
VLAI
Title
Unprotected Storage of Credentials in Ormazabal products
Summary
The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
Impacted products
Date Public
2023-08-22 10:00
Credits
Jacinto Moral Matellán
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:55:08.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-47561",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T18:00:10.995853Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T18:06:23.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ekorCCP",
          "vendor": "Ormazabal",
          "versions": [
            {
              "status": "affected",
              "version": "601j"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ekorRCI",
          "vendor": "Ormazabal",
          "versions": [
            {
              "status": "affected",
              "version": "601j"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jacinto Moral Matell\u00e1n"
        }
      ],
      "datePublic": "2023-08-22T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The web application stores credentials in clear text in the \"admin.xml\" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions."
            }
          ],
          "value": "The web application stores credentials in clear text in the \"admin.xml\" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Unprotected Storage of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-20T07:54:53.890Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Ormazabal recommends upgrading to updated models."
            }
          ],
          "value": "Ormazabal recommends upgrading to updated models."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "Unprotected Storage of Credentials in Ormazabal products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2022-47561",
    "datePublished": "2023-09-20T07:54:53.890Z",
    "dateReserved": "2022-12-19T16:35:50.462Z",
    "dateUpdated": "2024-09-24T18:06:23.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-43958 (GCVE-0-2022-43958)

Vulnerability from cvelistv5 – Published: 2022-11-08 00:00 – Updated: 2025-04-21 13:46
VLAI
Summary
A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
Siemens QMS Automotive Affected: All versions < V12.39
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:47:04.389Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:22:05.948524Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:46:20.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "QMS Automotive",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V12.39"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "QMS Automotive",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V12.39"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in QMS Automotive (All versions \u003c V12.39), QMS Automotive (All versions \u003c V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T09:32:02.019Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-43958",
    "datePublished": "2022-11-08T00:00:00.000Z",
    "dateReserved": "2022-10-27T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:46:20.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41732 (GCVE-0-2022-41732)

Vulnerability from cvelistv5 – Published: 2022-11-28 16:30 – Updated: 2025-04-25 14:58
VLAI
Title
IBM Maximo information disclosure
Summary
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
ibm
Impacted products
Vendor Product Version
IBM Maximo Mobile Affected: 8.7
Affected: 8.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6841617"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237407"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41732",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T14:58:45.213140Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T14:58:56.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Maximo Mobile",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.7"
            },
            {
              "status": "affected",
              "version": "8.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-28T16:30:28.318Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6841617"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237407"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Maximo information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-41732",
    "datePublished": "2022-11-28T16:30:28.318Z",
    "dateReserved": "2022-09-28T17:18:53.375Z",
    "dateUpdated": "2025-04-25T14:58:56.248Z",
    "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36308 (GCVE-0-2022-36308)

Vulnerability from cvelistv5 – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
VLAI
Summary
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:00:04.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AirVelocity",
          "vendor": "Airspan",
          "versions": [
            {
              "lessThan": "15.18.00.2511",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2022-07-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-16T00:32:57.000Z",
        "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "shortName": "facebook"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assign@fb.com",
          "DATE_ASSIGNED": "2022-07-19",
          "ID": "CVE-2022-36308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AirVelocity",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.18.00.2511"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Airspan"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpdesk.airspan.com/browse/TRN3-1692",
              "refsource": "CONFIRM",
              "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
            },
            {
              "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x",
              "refsource": "MISC",
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
    "assignerShortName": "facebook",
    "cveId": "CVE-2022-36308",
    "datePublished": "2022-08-16T00:32:57.000Z",
    "dateReserved": "2022-07-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T10:00:04.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33928 (GCVE-0-2022-33928)

Vulnerability from cvelistv5 – Published: 2022-08-10 16:31 – Updated: 2024-09-17 02:37
VLAI
Summary
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
References
Impacted products
Vendor Product Version
Dell Wyse Management Suite Affected: unspecified , < 3.7 (custom)
Create a notification for this product.
Date Public
2022-07-18 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wyse Management Suite",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "3.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Unprotected Storage of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T16:31:13.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-07-18",
          "ID": "CVE-2022-33928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Wyse Management Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.4,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256: Unprotected Storage of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/en-us/000201383/dsa-2022-134-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-33928",
    "datePublished": "2022-08-10T16:31:13.908Z",
    "dateReserved": "2022-06-17T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:37:41.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-31044 (GCVE-0-2022-31044)

Vulnerability from cvelistv5 – Published: 2022-06-15 19:00 – Updated: 2025-04-23 18:14
VLAI
Title
Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation
Summary
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
  • CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
rundeck rundeck Affected: >= 4.2.0, < 4.2.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-hprf-rrwq-jm5c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:54:10.234259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:14:03.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rundeck",
          "vendor": "rundeck",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2.0, \u003c 4.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T19:00:22.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-hprf-rrwq-jm5c"
        }
      ],
      "source": {
        "advisory": "GHSA-hprf-rrwq-jm5c",
        "discovery": "UNKNOWN"
      },
      "title": "Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31044",
          "STATE": "PUBLIC",
          "TITLE": "Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rundeck",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 4.2.0, \u003c 4.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rundeck"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256: Plaintext Storage of a Password"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522: Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rundeck/rundeck/security/advisories/GHSA-hprf-rrwq-jm5c",
              "refsource": "CONFIRM",
              "url": "https://github.com/rundeck/rundeck/security/advisories/GHSA-hprf-rrwq-jm5c"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hprf-rrwq-jm5c",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31044",
    "datePublished": "2022-06-15T19:00:22.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:14:03.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29085 (GCVE-0-2022-29085)

Vulnerability from cvelistv5 – Published: 2022-06-02 21:00 – Updated: 2024-09-17 03:23
VLAI
Summary
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
References
Impacted products
Vendor Product Version
Dell Unity Affected: unspecified , < 5.2.0.0.5.173 (custom)
Create a notification for this product.
Date Public
2022-04-29 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:59.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000199050"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Unity",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.2.0.0.5.173",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Unprotected Storage of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-02T21:00:30.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/000199050"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-04-29",
          "ID": "CVE-2022-29085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Unity",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.2.0.0.5.173"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.4,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256: Unprotected Storage of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/000199050",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/000199050"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-29085",
    "datePublished": "2022-06-02T21:00:31.054Z",
    "dateReserved": "2022-04-12T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:23:38.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27548 (GCVE-0-2022-27548)

Vulnerability from cvelistv5 – Published: 2022-07-06 20:25 – Updated: 2024-09-16 18:12
VLAI
Title
HCL Launch is vulnerable to information disclosure which can be read by a local user.
Summary
HCL Launch stores user credentials in plain clear text which can be read by a local user.
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
HCL
References
Impacted products
Vendor Product Version
HCL Software HCL Launch Affected: 7.2.2.1, 7.1.2.6, 7.0.5.10
Create a notification for this product.
Date Public
2022-07-01 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:33:00.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099253"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL Launch",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.2.1, 7.1.2.6, 7.0.5.10"
            }
          ]
        }
      ],
      "datePublic": "2022-07-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL Launch stores user credentials in plain clear text which can be read by a local user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Unprotected Storage of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-06T20:25:13.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099253"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL Launch is vulnerable to information disclosure which can be read by a local user.",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "DATE_PUBLIC": "2022-07-01T19:33:00.000Z",
          "ID": "CVE-2022-27548",
          "STATE": "PUBLIC",
          "TITLE": "HCL Launch is vulnerable to information disclosure which can be read by a local user."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL Launch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.2.2.1, 7.1.2.6, 7.0.5.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HCL Software"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL Launch stores user credentials in plain clear text which can be read by a local user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256 Unprotected Storage of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099253",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0099253"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2022-27548",
    "datePublished": "2022-07-06T20:25:13.132Z",
    "dateReserved": "2022-03-21T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:12:59.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22557 (GCVE-0-2022-22557)

Vulnerability from cvelistv5 – Published: 2022-06-02 21:00 – Updated: 2024-09-16 19:46
VLAI
Summary
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
References
Impacted products
Vendor Product Version
Dell PowerStore Affected: unspecified , < PowerStore SW v2.1.0.0-1553419 (custom)
Create a notification for this product.
Date Public
2022-04-19 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:14:55.739Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000196367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PowerStore",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "PowerStore SW v2.1.0.0-1553419",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-04-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X \u0026 T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Unprotected Storage of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-02T21:00:22.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/000196367"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-04-19",
          "ID": "CVE-2022-22557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PowerStore",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "PowerStore SW v2.1.0.0-1553419"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X \u0026 T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.5,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256: Unprotected Storage of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/000196367",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/000196367"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-22557",
    "datePublished": "2022-06-02T21:00:22.216Z",
    "dateReserved": "2022-01-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:46:36.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Avoid storing passwords in easily accessible locations.

Mitigation
Architecture and Design

Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

Mitigation

A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.

No CAPEC attack patterns related to this CWE.