CVE-2022-4780 (GCVE-0-2022-4780)

Vulnerability from cvelistv5 – Published: 2022-12-28 14:21 – Updated: 2025-04-10 20:31
VLAI?
Title
hard coded credentials in elvexys ISOS firmwares
Summary
ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.
Severity ?
4.5 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
  • n/a
Assigner
References
Impacted products
Vendor Product Version
elvexys ISOS Affected: 1.81 , ≤ 2.00 (patch)
Create a notification for this product.
Credits
Damian Pfammatter, Cyber-Defense Campus, armasuisse S+T Daniel Hulliger, Cyber-Defense Campus, armasuisse S+T
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:48:40.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T20:30:46.383689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T20:31:03.789Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ISOS",
          "vendor": "elvexys",
          "versions": [
            {
              "lessThanOrEqual": "2.00",
              "status": "affected",
              "version": "1.81",
              "versionType": "patch"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Damian Pfammatter, Cyber-Defense Campus, armasuisse S+T"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Hulliger, Cyber-Defense Campus, armasuisse S+T"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ISOS firmwares from \u003cb\u003eversions 1.81 to 2.00 \u003c/b\u003econtain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\u003cbr\u003e"
            }
          ],
          "value": "ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T23:29:52.525Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\u003cbr\u003eFor\n ISOS fimwares up to version 2.00, the default credentials must be \nchanged by the user as documented in the \u00ab Initial staging \u00bb and \u00ab User \naccess \u00bb chapters. "
            }
          ],
          "value": "ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\nFor\n ISOS fimwares up to version 2.00, the default credentials must be \nchanged by the user as documented in the \u00ab Initial staging \u00bb and \u00ab User \naccess \u00bb chapters. "
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "hard coded credentials in elvexys ISOS firmwares",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2022-4780",
    "datePublished": "2022-12-28T14:21:36.185Z",
    "dateReserved": "2022-12-28T09:17:05.953Z",
    "dateUpdated": "2025-04-10T20:31:03.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-4780",
      "date": "2026-05-03",
      "epss": "0.00051",
      "percentile": "0.15755"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-4780\",\"sourceIdentifier\":\"vulnerability@ncsc.ch\",\"published\":\"2022-12-29T00:15:09.657\",\"lastModified\":\"2024-11-21T07:35:55.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\\n\"},{\"lang\":\"es\",\"value\":\"Los firmware ISOS de las versiones 1.81 a 2.00 contienen credenciales codificadas del instalador StreamX integrado que los integradores no est\u00e1n obligados a cambiar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnerability@ncsc.ch\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.0,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elvexys:isos_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.81\",\"versionEndIncluding\":\"2.00\",\"matchCriteriaId\":\"8D7B2E55-E039-4214-9BD6-7287B4344D3B\"}]}]}],\"references\":[{\"url\":\"https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/\",\"source\":\"vulnerability@ncsc.ch\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/\", \"tags\": [\"release-notes\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:48:40.472Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-4780\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-10T20:30:46.383689Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-10T20:30:57.991Z\"}}], \"cna\": {\"title\": \"hard coded credentials in elvexys ISOS firmwares\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Damian Pfammatter, Cyber-Defense Campus, armasuisse S+T\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Daniel Hulliger, Cyber-Defense Campus, armasuisse S+T\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"elvexys\", \"product\": \"ISOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.81\", \"versionType\": \"patch\", \"lessThanOrEqual\": \"2.00\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\\nFor\\n ISOS fimwares up to version 2.00, the default credentials must be \\nchanged by the user as documented in the \\u00ab Initial staging \\u00bb and \\u00ab User \\naccess \\u00bb chapters. \", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"ISOS firmwares from version 2.01 force the user to change the default credentials during the first login.\u003cbr\u003eFor\\n ISOS fimwares up to version 2.00, the default credentials must be \\nchanged by the user as documented in the \\u00ab Initial staging \\u00bb and \\u00ab User \\naccess \\u00bb chapters. \", \"base64\": false}]}], \"references\": [{\"url\": \"https://elvexys.com/products/xpg-gateway-rtu-protocol-converter/isos-release-notes/\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"ISOS firmwares from \u003cb\u003eversions 1.81 to 2.00 \u003c/b\u003econtain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"455daabc-a392-441d-aa46-37d35189897c\", \"shortName\": \"NCSC.ch\", \"dateUpdated\": \"2022-12-28T23:29:52.525Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-4780\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-10T20:31:03.789Z\", \"dateReserved\": \"2022-12-28T09:17:05.953Z\", \"assignerOrgId\": \"455daabc-a392-441d-aa46-37d35189897c\", \"datePublished\": \"2022-12-28T14:21:36.185Z\", \"assignerShortName\": \"NCSC.ch\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.