TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center-POWERCOM CO., LTD. UPSMON PRO

POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials

TVN ID	TVN-202208006
CVE ID	CVE-2022-38121
CVSS	6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products	POWERCOM CO., LTD. UPSMON PRO version 2.57
Description	UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.
Solution	Contact tech support from POWERCOM CO., LTD.
Credit	Michael Heinzl
Public Date	2022-11-10

POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials