CVE-2022-33175

moderate-risk

Published 2022-06-13

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device.

Do I need to act?

0.57% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (7)

Basic Pdu Firmware

Pm Pdu Firmware

Piml Pdu Firmware

Smart Pim Firmware

Smart Pos Firmware

Smart Pom Firmware

Smart Poms Firmware

Affected Vendors

Powertekpdus

References (2)

Exploit https://gynvael.coldwind.pl/?lang=en&id=748

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 14/34 · Moderate