Search criteria
3 vulnerabilities found for ISOS by elvexys
VAR-202212-2251
Vulnerability from variot - Updated: 2024-08-14 15:16ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change. ISOS A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-2251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "isos",
"scope": "lte",
"trust": 1.0,
"vendor": "elvexys",
"version": "2.00"
},
{
"model": "isos",
"scope": "gte",
"trust": 1.0,
"vendor": "elvexys",
"version": "1.81"
},
{
"model": "isos",
"scope": "eq",
"trust": 0.8,
"vendor": "elvexys sa",
"version": "isos firmware 1.81 to 2.00"
},
{
"model": "isos",
"scope": "eq",
"trust": 0.8,
"vendor": "elvexys sa",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"cve": "CVE-2022-4780",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-4780",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "vulnerability@ncsc.ch",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"id": "CVE-2022-4780",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-4780",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-4780",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "vulnerability@ncsc.ch",
"id": "CVE-2022-4780",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-4780",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-4080",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change. ISOS A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-4780"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "VULHUB",
"id": "VHN-449885"
},
{
"db": "VULMON",
"id": "CVE-2022-4780"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-4780",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004430",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-4080",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-449885",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-4780",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-449885"
},
{
"db": "VULMON",
"id": "CVE-2022-4780"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"id": "VAR-202212-2251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-449885"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:16:19.215000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ISOS\u00a0release\u00a0notes",
"trust": 0.8,
"url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
},
{
"title": "Elvexys ISOS Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=220821"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-449885"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4780"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-4780/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-449885"
},
{
"db": "VULMON",
"id": "CVE-2022-4780"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-449885"
},
{
"db": "VULMON",
"id": "CVE-2022-4780"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
},
{
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-449885"
},
{
"date": "2022-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-4780"
},
{
"date": "2023-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"date": "2022-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-4080"
},
{
"date": "2022-12-29T00:15:09.657000",
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-449885"
},
{
"date": "2022-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-4780"
},
{
"date": "2023-04-11T08:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-004430"
},
{
"date": "2023-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-4080"
},
{
"date": "2023-11-07T03:58:54.693000",
"db": "NVD",
"id": "CVE-2022-4780"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISOS\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004430"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-4080"
}
],
"trust": 0.6
}
}
CVE-2022-4780 (GCVE-0-2022-4780)
Vulnerability from nvd – Published: 2022-12-28 14:21 – Updated: 2025-04-10 20:31
VLAI?
Title
hard coded credentials in elvexys ISOS firmwares
Summary
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.
Severity ?
4.5 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:30:46.383689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:31:03.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ISOS",
"vendor": "elvexys",
"versions": [
{
"lessThanOrEqual": "2.00",
"status": "affected",
"version": "1.81",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Cyber-Defense Campus, armasuisse S+T"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Hulliger, Cyber-Defense Campus, armasuisse S+T"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ISOS firmwares from \u003cb\u003eversions 1.81 to 2.00 \u003c/b\u003econtain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\u003cbr\u003e"
}
],
"value": "ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T23:29:52.525Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\u003cbr\u003eFor\n ISOS fimwares up to version 2.00, the default credentials must be \nchanged by the user as documented in the \u00ab Initial staging \u00bb and \u00ab User \naccess \u00bb chapters. "
}
],
"value": "ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\nFor\n ISOS fimwares up to version 2.00, the default credentials must be \nchanged by the user as documented in the \u00ab Initial staging \u00bb and \u00ab User \naccess \u00bb chapters. "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "hard coded credentials in elvexys ISOS firmwares",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2022-4780",
"datePublished": "2022-12-28T14:21:36.185Z",
"dateReserved": "2022-12-28T09:17:05.953Z",
"dateUpdated": "2025-04-10T20:31:03.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4780 (GCVE-0-2022-4780)
Vulnerability from cvelistv5 – Published: 2022-12-28 14:21 – Updated: 2025-04-10 20:31
VLAI?
Title
hard coded credentials in elvexys ISOS firmwares
Summary
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.
Severity ?
4.5 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:48:40.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:30:46.383689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:31:03.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ISOS",
"vendor": "elvexys",
"versions": [
{
"lessThanOrEqual": "2.00",
"status": "affected",
"version": "1.81",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Damian Pfammatter, Cyber-Defense Campus, armasuisse S+T"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Hulliger, Cyber-Defense Campus, armasuisse S+T"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ISOS firmwares from \u003cb\u003eversions 1.81 to 2.00 \u003c/b\u003econtain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\u003cbr\u003e"
}
],
"value": "ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-28T23:29:52.525Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\u003cbr\u003eFor\n ISOS fimwares up to version 2.00, the default credentials must be \nchanged by the user as documented in the \u00ab Initial staging \u00bb and \u00ab User \naccess \u00bb chapters. "
}
],
"value": "ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\nFor\n ISOS fimwares up to version 2.00, the default credentials must be \nchanged by the user as documented in the \u00ab Initial staging \u00bb and \u00ab User \naccess \u00bb chapters. "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "hard coded credentials in elvexys ISOS firmwares",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2022-4780",
"datePublished": "2022-12-28T14:21:36.185Z",
"dateReserved": "2022-12-28T09:17:05.953Z",
"dateUpdated": "2025-04-10T20:31:03.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}