CVE-2022-22512
CRITICAL
VARTA Storage Firmware - Unauthenticated Administrative Access via Hard-coded Credentials
Title source: llm
Description
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allow an unauthorized attacker to gain administrative access to the Web-UI via network.
References (1)
Core References
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-061/
Scores
CVSS v3
9.8
EPSS
0.0067
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (8)
varta/element_backup_firmware < f21000400
varta/element_s1_firmware < 2e.3.8.0
varta/element_s2_firmware < 2e.3.8.0
varta/element_s3_firmware < 2e.3.8.0
varta/element_s4_firmware < d21010400
varta/one_l_firmware < 2e.3.8.0
varta/one_xl_firmware < 2e.3.8.0
varta/pulse_firmware < c21010800
Published
Mar 23, 2023
Tracked Since
Feb 18, 2026