MidnightBSD

Advisories for varta

CVE-2022-22512

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
varta one_l_firmware *
varta element_s4_firmware *
varta element_s3_firmware *
varta element_s1_firmware *
varta one_xl_firmware *
varta element_s2_firmware *
varta element_backup_firmware *
varta pulse_firmware *