Weak XOR Encryption Vulnerability in Horner Automation RCC 972
CVE-2022-2640

7.5HIGH

Key Information:

Vendor: Horner Automation
Status: Remote Compact Controller (rcc) 972
Vendor: CVE Published:; 1 December 2022

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2022-2640?

The RCC 972 by Horner Automation is equipped with firmware version 15.40 that uses weak XOR encryption for its configuration files. This flaw opens the door for attackers to reverse engineer the encryption, potentially allowing them to acquire sensitive credentials for services such as FTP and HTTP. The resulting exposure can lead to unauthorized access and exploitation of the affected devices.

Affected Version(s)

Remote Compact Controller (RCC) 972 Firmware Version 15.40

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2022
Vulnerability Reserved
Aug 3, 2022

Credit

m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA

CVE-2022-2640 Data

JSON