What is CVE-2022-1666?

CVE-2022-1666 is a medium-severity vulnerability in Secheron Sepcos Control And Protection Relay Firmware Package, classified under Insufficiently Protected Credentials. CVSS score: 6.5/10. Published 2022-06-24.

How severe is CVE-2022-1666?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Secheron Sepcos Control And Protection Relay Firmware Package

CVE-2022-1666

The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.

EPSS: 0.002 (36.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Secheron Sepcos Control And Protection Relay Firmware Package — versions All versions

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1666?: CVE-2022-1666 is a medium-severity vulnerability in Secheron Sepcos Control And Protection Relay Firmware Package, classified under Insufficiently Protected Credentials. CVSS score: 6.5/10. Published 2022-06-24.
How severe is CVE-2022-1666?: Medium severity. CVSS v3 base score is 6.5 out of 10.