Vulnerability Details CVE-2022-3372
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-3372
-
cpe:2.3:h:riello-ups:netman_204:-
-
cpe:2.3:o:riello-ups:netman_204_firmware:02.05