CVE-2022-2967

MEDIUM

Prosysopc UA Modbus Server - Insufficiently Protected Credentials

Title source: rule

Description

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data.

References (2)

[Patch, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-01

[Vendor Advisory] https://www.prosysopc.com/blog/#Security

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 33.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

prosysopc/ua_modbus_server < 1.4.20

prosysopc/ua_simulation_server < 5.4.0

Timeline

Published Jan 03, 2023

Tracked Since Feb 18, 2026