CVE-2022-2640

HIGH

Horner Automation's RCC 972 <15.40 - Info Disclosure

Title source: llm

Description

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

References (1)

[Patch, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 18.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-326

Status published

Products (1)

hornerautomation/rcc972_firmware 15.40

Published Dec 02, 2022

Tracked Since Feb 18, 2026