Main Vulnerability Database Vulnerabilities #VU61820

#VU61820 Unprotected storage of credentials in iNET and iNET II - CVE-2022-24120

Published: April 4, 2022

Vulnerability identifier: #VU61820

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-24120

CWE-ID: CWE-256

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
iNET
iNET II

Software vendor:
General Electric Company

Description

The vulnerability allows a local attacker to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. An attacker with physical access can view contents of the configuration file and gain access to passwords for 3rd party integration.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-22-090-06

#VU61820 Unprotected storage of credentials in iNET and iNET II - CVE-2022-24120

Description

Remediation

External links

Please verify you're human