VDE-2022-061

Vulnerability from csaf_vartastoragegmbh - Published: 2023-03-15 09:00 - Updated: 2023-03-15 09:00
Summary
VARTA: Multiple devices prone to hard-coded credentials
Notes
Summary: VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and thus potentially exploitable.
Impact: The vulnerability allows unauthorized read and write access to the web backend. This allows reading and writing of parameters that are not intended for this purpose (e.g. connectivity settings, grid parameters). This can impact the operational availability and integrity. The safety of the battery storage device is not affected because safety relevant parameters are not accessible via the web backend.
Mitigation: General countermeasures: Restrict HTTP traffic to the energy storage system by using an inbound firewall or other measures on the network level.
Remediation: A fixed version will be rolled out OTA as soon as it is available. Rollout for VARTA element backup will start end of Q1/2023 followed by Element S4.
CVE-2022-22512

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-798 - Use of Hard-coded Credentials
Mitigation General countermeasures: Restrict HTTP traffic to the energy storage system by using an inbound firewall or other measures on the network level.
Vendor Fix A fixed version will be rolled out OTA as soon as it is available. Rollout for VARTA element backup will start end of Q1/2023 followed by Element S4.
References
Acknowledgments
CERT@VDE certvde.com
Andreas Dolp
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "Andreas Dolp",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and thus potentially exploitable.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The vulnerability allows unauthorized read and write access to the web backend. This allows reading and writing of parameters that are not intended for this purpose (e.g. connectivity settings, grid parameters). This can impact the operational availability and integrity. The safety of the battery storage device is not affected because safety relevant parameters are not accessible via the web backend.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "General countermeasures: Restrict HTTP traffic to the energy storage system by using an inbound firewall or other measures on the network level.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "A fixed version will be rolled out OTA as soon as it is available. Rollout for VARTA element backup will start end of Q1/2023 followed by Element S4.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "info@varta-storage.com",
      "name": "VARTA Storage GmbH",
      "namespace": "https://varta-storage.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2022-061: VARTA: Multiple devices prone to hard-coded credentials - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-061/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-061: VARTA: Multiple devices prone to hard-coded credentials - CSAF",
        "url": "https://varta-storage.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2022-061.json"
      },
      {
        "category": "external",
        "summary": "VARTA PSIRT",
        "url": "https://varta-storage.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for VARTA Storage GmbH",
        "url": "https://certvde.com/en/advisories/vendor/varta-storage/"
      }
    ],
    "title": "VARTA: Multiple devices prone to hard-coded credentials",
    "tracking": {
      "aliases": [
        "VDE-2022-061"
      ],
      "current_release_date": "2023-03-15T09:00:00.000Z",
      "generator": {
        "date": "2025-05-05T11:39:30.191Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2022-061",
      "initial_release_date": "2023-03-15T09:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-03-15T09:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Element backup",
                "product": {
                  "name": "Element backup",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2709858310 - 90"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Element S1",
                "product": {
                  "name": "Element S1",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700852201 - 52"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Element S2",
                "product": {
                  "name": "Element S2",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2700852301 - 53",
                      "2700852401 - 53"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Element S3",
                "product": {
                  "name": "Element S3",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2709852201 - 53"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Element S4",
                "product": {
                  "name": "Element S4",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2709858202 - 13"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "One L/XL",
                "product": {
                  "name": "One L/XL",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2703852201"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Pulse (not pulse neo)",
                "product": {
                  "name": "Pulse (not pulse neo)",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2707852201"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cF21000400",
                "product": {
                  "name": "Firmware \u003c F21000400",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2e.3.8.0",
                "product": {
                  "name": "Firmware \u003c 2e.3.8.0",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2e.4.4.0",
                "product": {
                  "name": "Firmware \u003c 2e.4.4.0",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cD21010400",
                "product": {
                  "name": "Firmware \u003c D21010400",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cC21010800",
                "product": {
                  "name": "Firmware \u003c C21010800",
                  "product_id": "CSAFPID-21005"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "VARTA"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c F21000400 installed on Element backup",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 2e.3.8.0 installed on Element S1",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 2e.3.8.0 installed on Element S2",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 2e.3.8.0 installed on Element S3",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 2e.3.8.0 installed on Element S4",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c 2e.4.4.0 installed on One L/XL",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c D21010400 installed on Pulse (not pulse neo)",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-22512",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "description",
          "text": "Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "General countermeasures: Restrict HTTP traffic to the energy storage system by using an inbound firewall or other measures on the network level.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "A fixed version will be rolled out OTA as soon as it is available. Rollout for VARTA element backup will start end of Q1/2023 followed by Element S4.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007"
          ]
        }
      ],
      "title": "CVE-2022-22512"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.