CVE-2022-3089 MEDIUM

CVE-2022-3089: EnOcean SmartServer Hard-coded credentials

Vendor Enocean
Product Smartserver
Weakness CWE-798 · Hardcoded credentials
Published February 13, 2023
Last update January 16, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01 Description

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

Key dates

02 Disclosure timeline

February 13, 2023 CVE published
January 16, 2025 Record updated