CVE-2022-22512 - Vulnerability Details - OpenCVE

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Varta	Element Backup Element Backup Firmware Element S1 Element S1 Firmware Element S2 Element S2 Firmware Element S3 Element S3 Firmware Element S4 Element S4 Firmware One L One L Firmware One Xl One Xl Firmware Pulse Pulse Firmware

Configuration 1 [-]

AND

cpe:2.3:o:varta:element_backup_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:element_backup:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:varta:element_s1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:element_s1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:varta:element_s2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:element_s2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:varta:element_s3_firmware::::::::
	cpe:2.3:o:varta:element_s3_firmware::::::::

cpe:2.3:h:varta:element_s3:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:varta:element_s4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:element_s4:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:varta:one_l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:one_l:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:varta:one_xl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:one_xl:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:varta:pulse_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:varta:pulse:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-061/

History

Tue, 25 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-03-23T05:32:16.285Z

Updated: 2025-02-25T19:24:27.774Z

Reserved: 2022-01-03T22:35:36.934Z

Link: CVE-2022-22512

Vulnrichment

Updated: 2024-08-03T03:14:55.324Z

NVD

Status : Modified

Published: 2023-03-23T06:15:12.367

Modified: 2024-11-21T06:46:55.760

Link: CVE-2022-22512

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-22512", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-01-03T22:35:36.934Z", "datePublished": "2023-03-23T05:32:16.285Z", "dateUpdated": "2025-02-25T19:24:27.774Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Element backup", "vendor": "VARTA Storage", "versions": [{"lessThan": "F21000400", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Element S1", "vendor": "VARTA Storage", "versions": [{"lessThan": "2e.3.8.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Element S2", "vendor": "VARTA Storage", "versions": [{"lessThan": "2e.3.8.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Element S2", "vendor": "VARTA Storage", "versions": [{"lessThan": "2e.3.8.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Element S3", "vendor": "VARTA Storage", "versions": [{"lessThan": "2e.3.8.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Element S3", "vendor": "VARTA Storage", "versions": [{"lessThan": "2e.4.4.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Element S4", "vendor": "VARTA Storage", "versions": [{"lessThan": "D21010400", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "One L/XL", "vendor": "VARTA Storage", "versions": [{"lessThan": "2e.3.8.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Pulse (not pulse neo)", "vendor": "VARTA Storage", "versions": [{"lessThan": "C21010800", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andreas Dolp"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "CERT@VDE"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network."}], "value": "Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network."}], "impacts": [{"capecId": "CAPEC-150", "descriptions": [{"lang": "en", "value": "CAPEC-150 Collect Data from Common Resource Locations"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-05-23T06:06:45.925Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-061/"}], "source": {"advisory": "VDE-2022-061", "defect": ["CERT@VDE#64092"], "discovery": "EXTERNAL"}, "title": "VARTA: Multiple devices prone to hard-coded credentials", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.324Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-061/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-25T19:24:11.167146Z", "id": "CVE-2022-22512", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T19:24:27.774Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-061/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.324Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-22512", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-25T19:24:11.167146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T19:24:23.077Z"}}], "cna": {"title": "VARTA: Multiple devices prone to hard-coded credentials", "source": {"defect": ["CERT@VDE#64092"], "advisory": "VDE-2022-061", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andreas Dolp"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "CERT@VDE"}], "impacts": [{"capecId": "CAPEC-150", "descriptions": [{"lang": "en", "value": "CAPEC-150 Collect Data from Common Resource Locations"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VARTA Storage", "product": "Element backup", "versions": [{"status": "affected", "version": "0", "lessThan": "F21000400", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Element S1", "versions": [{"status": "affected", "version": "0", "lessThan": "2e.3.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Element S2", "versions": [{"status": "affected", "version": "0", "lessThan": "2e.3.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Element S2", "versions": [{"status": "affected", "version": "0", "lessThan": "2e.3.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Element S3", "versions": [{"status": "affected", "version": "0", "lessThan": "2e.3.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Element S3", "versions": [{"status": "affected", "version": "0", "lessThan": "2e.4.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Element S4", "versions": [{"status": "affected", "version": "0", "lessThan": "D21010400", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "One L/XL", "versions": [{"status": "affected", "version": "0", "lessThan": "2e.3.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "VARTA Storage", "product": "Pulse (not pulse neo)", "versions": [{"status": "affected", "version": "0", "lessThan": "C21010800", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-061/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.", "supportingMedia": [{"type": "text/html", "value": "Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-05-23T06:06:45.925Z"}}}, "cveMetadata": {"cveId": "CVE-2022-22512", "state": "PUBLISHED", "dateUpdated": "2025-02-25T19:24:27.774Z", "dateReserved": "2022-01-03T22:35:36.934Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-03-23T05:32:16.285Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:element_backup_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B8FFA7A-1C91-4C5B-A1E0-F057A1B83B90", "versionEndExcluding": "f21000400", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:element_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "18A32228-1E64-4F09-B8EA-F122F7F8EFBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:element_s1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D85D801-4958-4949-B8C1-8CF486B463E8", "versionEndExcluding": "2e.3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:element_s1:-:*:*:*:*:*:*:*", "matchCriteriaId": "19031686-7D24-408D-9144-1286C2C288B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:element_s2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1AB1110-6B20-46CD-81EE-C893D02FED70", "versionEndExcluding": "2e.3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:element_s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9BCEA27-93B4-4D04-8E2A-4A0CC4EA725E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:element_s3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E3B1FD3-CFA7-4585-B58F-DE3C67C952B5", "versionEndExcluding": "2e.3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:varta:element_s3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "290140CE-3093-42D1-8060-A1DF88695CE9", "versionEndExcluding": "2e.4.4.0", "versionStartIncluding": "2e.4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:element_s3:-:*:*:*:*:*:*:*", "matchCriteriaId": "67ACACF9-DBAF-4C23-AD99-2966BC9DE24A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:element_s4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29167A22-1E33-4DD8-BD6D-9046F6D11394", "versionEndExcluding": "d21010400", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:element_s4:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A2E6700-E663-4F91-8F2C-2D543A5B074D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:one_l_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99BB655C-9E6E-4373-9B87-1A012DFAFACB", "versionEndExcluding": "2e.3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:one_l:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE9CF95-00C5-4913-9BFE-B57F1014FE7C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:one_xl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79C4C11C-02D8-4580-A2F6-23A7FD861CB7", "versionEndExcluding": "2e.3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:one_xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CFDDC29-1017-4404-B7F1-2B935A3C44CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:varta:pulse_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "025EF312-0B07-4553-8AF7-EEDD80A65FC1", "versionEndExcluding": "c21010800", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:varta:pulse:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4E8517B-A421-44E3-850E-DD8D7C9A63FE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network."}], "id": "CVE-2022-22512", "lastModified": "2024-11-21T06:46:55.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-03-23T06:15:12.367", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-061/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-061/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "info@cert.vde.com", "type": "Secondary"}]}