CVE-2022-4945
Published 2023-05-22
Priority P427 · medium · 6.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS 0.17% · 7.1th percentile
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dataprobe | iboot-pdu4-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu4sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-2n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-c20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8a-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-2n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-c10_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n15_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe | iboot-pdu8sa-n20_firmware | < 1.42.06162022 | 1.42.06162022 |
| dataprobe_inc | dataprobe_iboot-pdu_fw | < 1.42.06162022 | 1.42.06162022 |
GHSA
GHSA-gx4c-qrx5-9w6f: The Dataprobe cloud usernames and passwords are stored in plain text in a specific file
ghsa_unreviewed·2023-05-23
CVE-2022-4945 [MEDIUM] CWE-256 GHSA-gx4c-qrx5-9w6f: The Dataprobe cloud usernames and passwords are stored in plain text in a specific file
CISA ICS
Dataprobe iBoot-PDU (Update A)
cisa_ics·2022-09-20·CVSS 9.8
[CRITICAL] Dataprobe iBoot-PDU (Update A)
ICS Advisory
## Dataprobe iBoot-PDU (Update A)
Last Revised: May 04, 2023
Alert Code: ICSA-22-263-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Dataprobe
- Equipment: iBoot-PDU FW
- Vulnerabilities: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, SSRF, Stack-Based Buffer Overflow, Use of Weak Credentials, Plaintext Storage of a Password, Authentication Bypass Using an Alternate Path or Channel
## 2. UPDATE OR REPOSTED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-263-03 Dataprobe iBoot-PDU that was published September 20, 2022, on the IC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-22
Published