← back
CVE-2022-38355

CVE-2022-38355

CVSS 7.5 HIGHEPSS 0.4%CWE-284
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Daikin · SVMPC1Daikin · SVMPC2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02