Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2640

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Published

2022-12-02T20:15:12.550

Last Modified

2024-11-21T07:01:25.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-326

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hornerautomation	rcc972_firmware	15.40	Yes
Hardware	hornerautomation	rcc972	-	No

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02 Patch, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)