CVE-2022-38355 — HIGH (7.5)

Q: How severe is CVE-2022-38355?

CVE-2022-38355 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-38355?

Check the references section above for vendor advisories and patch information. Affected products include: Daikinlatam Svmpc1, Daikinlatam Svmpc2.

Vulnerability Description

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Daikinlatam	Svmpc1	<= 2.1.22
Daikinlatam	Svmpc2	<= 1.2.3

Related Weaknesses (CWE)

CWE-284

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-38355?

CVE-2022-38355 is a vulnerability with a CVSS score of 7.5 (HIGH). Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affe...

How severe is CVE-2022-38355?

CVE-2022-38355 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38355?

Check the references section above for vendor advisories and patch information. Affected products include: Daikinlatam Svmpc1, Daikinlatam Svmpc2.