Vulnerabilities > CVE-2022-2640 - Unspecified vulnerability in Hornerautomation Rcc972 Firmware 15.40

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
hornerautomation

Summary

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP).

Vulnerable Configurations

Part Description Count
OS
Hornerautomation
1
Hardware
Hornerautomation
1