{"vulnerability": "cve-2022-2638", "sightings": [{"uuid": "b6541f1d-a5f2-48eb-9771-eaa3cb4a9619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26388", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113963709696522749", "content": "", "creation_timestamp": "2025-02-07T17:10:07.565972Z"}, {"uuid": "2fffd296-1b4b-4f67-a30f-8d04b6cecebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26389", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113963709712812927", "content": "", "creation_timestamp": "2025-02-07T17:10:07.740090Z"}, {"uuid": "da21f757-e0cc-46cd-9a36-bebc74435576", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26380", "type": "seen", "source": "https://t.me/cibsecurity/40599", "content": "\u203c CVE-2022-26380 \u203c\n\nA vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:19.000000Z"}, {"uuid": "d947332a-9778-4668-bd13-987b614279f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26389", "type": "seen", "source": "https://t.me/cvedetector/17513", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-26389 - ELI Resting Electrocardiograph Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-26389 \nPublished : Feb. 7, 2025, 5:15 p.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : An improper access control vulnerability may allow privilege escalation.This issue affects:\u00a0  \n  \n  *  ELI 380 Resting Electrocardiograph:  \n  \nVersions 2.6.0 and prior;\u00a0  \n  *  ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:  \n  \nVersions 2.3.1 and prior;\u00a0  \n  *  ELI 250c/BUR 250c Resting Electrocardiograph:\u00a0Versions 2.1.2 and prior;\u00a0  \n  *  ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph:   \n  \nVersions 2.2.0 and prior. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T20:30:48.000000Z"}, {"uuid": "db03a282-d381-4644-909a-b0799e8a7e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26388", "type": "seen", "source": "https://t.me/cvedetector/17514", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-26388 - ELI Resting Electrocardiograph Hard-Coded Password Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-26388 \nPublished : Feb. 7, 2025, 5:15 p.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph:   \n  \nVersions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:  \n  \nVersions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph:  \n  \nVersions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph:   \n  \nVersions 2.2.0 and prior. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T20:30:52.000000Z"}, {"uuid": "9e05e61e-8f0a-4ff6-a3fd-ca6f7aa3d434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26388", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3808", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-26388\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: \n\nVersions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph:\n\nVersions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior.\n\ud83d\udccf Published: 2025-02-07T18:31:22Z\n\ud83d\udccf Modified: 2025-02-07T18:31:23Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2022-26388\n2. https://hillrom.com/en/responsible-disclosures\n3. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01", "creation_timestamp": "2025-02-07T19:03:20.000000Z"}, {"uuid": "ea791fbb-8370-4fb6-972b-3516bbed586f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26384", "type": "seen", "source": "https://t.me/cibsecurity/55168", "content": "\u203c CVE-2022-26384 \u203c\n\nIf an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:27:04.000000Z"}, {"uuid": "18cd5ec5-a482-4ae2-b3c5-3ed7c6832932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26389", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3807", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-26389\n\ud83d\udd25 CVSS Score: 7.7 (CVSS_V3)\n\ud83d\udd39 Description: An improper access control vulnerability may allow privilege escalation.This issue affects:\u00a0\n\n  *  ELI 380 Resting Electrocardiograph:\n\nVersions 2.6.0 and prior;\u00a0\n  *  ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior;\u00a0\n  *  ELI 250c/BUR 250c Resting Electrocardiograph:\u00a0Versions 2.1.2 and prior;\u00a0\n  *  ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior.\n\ud83d\udccf Published: 2025-02-07T18:31:22Z\n\ud83d\udccf Modified: 2025-02-07T18:31:23Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2022-26389\n2. https://hillrom.com/en/responsible-disclosures\n3. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01", "creation_timestamp": "2025-02-07T19:03:19.000000Z"}, {"uuid": "92332dd2-e579-4035-b097-63b890907500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26381", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5768", "content": "#exploit\nCVE-2022-26381:\nTriggering UAF in Firefox\nhttps://www.zerodayinitiative.com/blog/2022/4/7/cve-2022-26381-gone-by-others-triggering-a-uaf-in-firefox", "creation_timestamp": "2022-04-08T11:00:14.000000Z"}]}