CVE-2022-2640 HIGH

Vendor: Horner Automation
Product: Remote Compact Controller (RCC) 972
Weakness: CWE-326 · Weak encryption
Published: December 12, 2022
Last update: April 16, 2025

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

The config files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption that is vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Key dates

02 Disclosure timeline

December 12, 2022: CVE published
April 16, 2025: Record updated