|
[Japanese]
|
JVNDB-2022-002451
|
Multiple vulnerabilities in SVMPC1 and SVMPC2
|
|
SVMPC1 and SVMPC2 provided by Daikin Holdings Singapore Pte Ltd. contain multiple vulnerabilities listed below.
* Use of hard-coded password (CWE-259) - CVE-2022-41653
* Improper access control (CWE-284) - CVE-2022-38355
|
|
|
|
SVMPC1 and SVMPC2 sold and distributed in the regions other than Japan
- Regions:
- Singapore, Vietnam, Indonesia, Malaysia, Thailand, Taiwan, India, Mexico, Colombia, Brazil
|
Daikin Holdings Singapore Pte Ltd.
- SVMPC1 Ver2.1.22 and earlier
- SVMPC2 Ver1.2.3 and earlier
|
For more information, refer to the information provided by the developer
|
|
Exploiting these vulnerabilities may allow an attacker on the same LAN segment to access the affected product without authorization and conduct arbitrary operations.
For more information, refer to the information provided by the developer.
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The automatic update will be applied when the internet connection settings are enabled.
For more information, refer to the information provided by the developer.
|
|
Daikin Holdings Singapore Pte Ltd.
|
|
- Use of Hard-coded Password(CWE-259) [Other]
- Improper Access Control(CWE-284) [Other]
|
|
- CVE-2022-41653
- CVE-2022-38355
|
|
- JVN : JVNVU#93424017
- ICS-CERT ADVISORY : ICSA-22-284-02
|
|
- [2022/10/13]
Web page was published
|
