CVE-2022-3372 HIGH

CVE-2022-3372: Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204

Vendor Riello Ups
Product Netman-204
Weakness CWE-352 · CSRF
Published June 21, 2023
Last update December 6, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

There is a CSRF vulnerability in Netman-204 version 02.05. Because the CSRF token is not properly validated, an attacker could change administrator passwords through a Cross-Site Request Forgery. This vulnerability could allow a remote attacker to access the administrator panel and modify parameters that are critical for industrial operations.

Key dates

02 Disclosure timeline

June 21, 2023 CVE published
December 6, 2024 Record updated
