Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-22512: VDE-2022-061 | CERT@VDE

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

CVE
Open in Source
#vulnerability#web#hard_coded_credentials#auth

2023-03-15 10:00 (CET) VDE-2022-061

VARTA: Multiple devices prone to hard-coded credentials
Share: Email | Twitter

Published

2023-03-15 10:00 (CET)

Last update

2023-03-23 06:30 (CET)

Vendor(s)

VARTA Storage GmbH

Product(s)

Article No°

Product Name

Affected Version(s)

2709858310 - 90

Element backup

< F21000400

2700852201 - 52

Element S1

< 2e.3.8.0

2700852301 - 53

Element S2

< 2e.3.8.0

2700852401 - 53

Element S2

< 2e.3.8.0

2709852201 - 53

Element S3

< 2e.3.8.0

2709852201 - 53

Element S3

< 2e.4.4.0

2709858202 - 13

Element S4

< D21010400

2703852201

One L/XL

< 2e.3.8.0

2707852201

Pulse (not pulse neo)

< C21010800

Summary

VARTA energy storage systems have a web user interface via which users and installers can access live data measurements and configure the system to their needs. It has been discovered that the corresponding credentials are hard-coded within the frontend and thus potentially exploitable.

CVE ID

Last Update:

March 8, 2023, 8:19 a.m.

Severity

Weakness

Use of Hard-coded Credentials (CWE-798)

Summary

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.

Details

Impact

The vulnerability allows unauthorized read and write access to the web backend. This allows reading and writing of parameters that are not intended for this purpose (e.g. connectivity settings, grid parameters). This can impact the operational availability and integrity. The safety of the battery storage device is not affected because safety relevant parameters are not accessible via the web backend.

Solution

Mitigation

General countermeasures: Restrict HTTP traffic to the energy storage system by using an inbound firewall or other measures on the network level.

Remediation

Product-specific countermeasures: A fixed version will be rolled out OTA as soon as it is available. Rollout for VARTA element backup will start end of Q1/2023 followed by Element S4.

Reported by

Thanks also go to the security researcher Andreas Dolp for reporting and collaboration on this topic.

VARTA thanks CERT@VDE for the coordination and support with this publication.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE