CVE-2022-32965 (GCVE-0-2022-32965)

Vulnerability from cvelistv5 – Published: 2022-08-04 09:15 – Updated: 2024-09-16 20:57
VLAI?
Title
ITPison OMICARD EDM - Use of Hard-coded Credentials
Summary
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
ITPison OMICARD EDM Affected: 5.8 , ≤ 6.0 (custom)
Create a notification for this product.
Date Public ?
2022-08-04 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:54:03.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OMICARD EDM",
          "vendor": "ITPison",
          "versions": [
            {
              "lessThanOrEqual": "6.0",
              "status": "affected",
              "version": "5.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-15T12:42:52.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Contact tech support from ITPison."
        }
      ],
      "source": {
        "advisory": "TVN-202206011",
        "discovery": "EXTERNAL"
      },
      "title": "ITPison OMICARD EDM - Use of Hard-coded Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2022-08-04T08:58:00.000Z",
          "ID": "CVE-2022-32965",
          "STATE": "PUBLIC",
          "TITLE": "ITPison OMICARD EDM - Use of Hard-coded Credentials"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OMICARD EDM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.8",
                            "version_value": "6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ITPison"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html"
            },
            {
              "name": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f",
              "refsource": "MISC",
              "url": "https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Contact tech support from ITPison."
          }
        ],
        "source": {
          "advisory": "TVN-202206011",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2022-32965",
    "datePublished": "2022-08-04T09:15:28.816Z",
    "dateReserved": "2022-06-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:57:26.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-32965",
      "date": "2026-04-26",
      "epss": "0.02552",
      "percentile": "0.85553"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:omicard_edm_project:omicard_edm:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.8\", \"versionEndIncluding\": \"6.0\", \"matchCriteriaId\": \"F11B29BF-543C-4268-B257-E02275F6B969\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.\"}, {\"lang\": \"es\", \"value\": \"OMICARD EDM presenta una clave de m\\u00e1quina embebida. Un atacante remoto no autenticado puede usar la clave de m\\u00e1quina para enviar carga \\u00fatil serializada al servidor para ejecutar c\\u00f3digo arbitrario, manipular datos del sistema e interrumpir el servicio\"}]",
      "id": "CVE-2022-32965",
      "lastModified": "2024-11-21T07:07:19.633",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-08-04T10:15:08.250",
      "references": "[{\"url\": \"https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "twcert@cert.org.tw",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32965\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2022-08-04T10:15:08.250\",\"lastModified\":\"2024-11-21T07:07:19.633\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.\"},{\"lang\":\"es\",\"value\":\"OMICARD EDM presenta una clave de m\u00e1quina embebida. Un atacante remoto no autenticado puede usar la clave de m\u00e1quina para enviar carga \u00fatil serializada al servidor para ejecutar c\u00f3digo arbitrario, manipular datos del sistema e interrumpir el servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:omicard_edm_project:omicard_edm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.8\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"F11B29BF-543C-4268-B257-E02275F6B969\"}]}]}],\"references\":[{\"url\":\"https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-6373-34d51-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.