How severe is CVE-2022-2513?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-2513?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2022-2513 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database and logs files. An attacker having get access to the exported backup file can exploit the vulnerability and obtain user credentials of the IEDs. Additionally, an attacker with administrator access to the PCM600 host machine can obtain other user credentials by analyzing database log files. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.

Related Vulnerabilities

CVE-2002-1696

MEDIUM

CVSS:5.5(Medium)

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Alwa...

CWE-3122002

CVE-2005-2209

MEDIUM

CVSS:5.5(Medium)

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

CWE-3122005

CVE-2008-1567

MEDIUM

CVSS:5.5(Medium)

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive info...

CWE-3122008

CVE-2009-1466

MEDIUM

CVSS:5.5(Medium)

Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

CWE-3122009

CVE-2011-2916

MEDIUM

CVSS:5.5(Medium)

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key us...

CWE-3122011

CVE-2015-1931

MEDIUM

CVSS:5.5(Medium)

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla...

CWE-3122015