JVNDB-2022-002451

Multiple vulnerabilities in SVMPC1 and SVMPC2

Overview

SVMPC1 and SVMPC2, provided by Daikin Holdings Singapore Pte Ltd., contain the multiple vulnerabilities listed below.

* Use of hard-coded password (CWE-259) - CVE-2022-41653
* Improper access control (CWE-284) - CVE-2022-38355

CVSS Severity

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [NVD Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

SVMPC1 and SVMPC2 sold and distributed in regions other than Japan
  • Regions:
    • Singapore, Vietnam, Indonesia, Malaysia, Thailand, Taiwan, India, Mexico, Colombia, Brazil

Daikin Holdings Singapore Pte Ltd.
  • SVMPC1 Ver2.1.22 and earlier
  • SVMPC2 Ver1.2.3 and earlier

For more information, refer to the information provided by the developer.

Impact

Exploiting these vulnerabilities may allow an attacker on the same LAN segment to access the affected product without authorization and conduct arbitrary operations.

For more information, refer to the information provided by the developer.

Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The automatic update will be applied when the internet connection settings are enabled.

For more information, refer to the information provided by the developer.

Vendor Information

Daikin Holdings Singapore Pte Ltd.

CWE

  1. Use of Hard-coded Password (CWE-259) [Other]
  2. Improper Access Control (CWE-284) [Other]

CVE

  1. CVE-2022-41653
  2. CVE-2022-38355

References

  1. JVN : JVNVU#93424017
  2. National Vulnerability Database (NVD) : CVE-2022-38355
  3. National Vulnerability Database (NVD) : CVE-2022-41653
  4. ICS-CERT ADVISORY : ICSA-22-284-02

Revision History

  • [2022/10/13]
      Web page was published
  • [2024/05/30]
      CVSS Severity was modified
      References : Contents were added