{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T06:37:37.292","vulnerabilities":[{"cve":{"id":"CVE-2022-1318","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-04-20T16:15:08.420","lastModified":"2024-11-21T06:40:28.793","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required."},{"lang":"es","value":"Hills ComNav versión 3002-19 sufre de un canal de comunicación débil. El tráfico a través de la red local para las páginas de configuración puede ser visualizado por un actor malicioso. El tamaño de ciertos paquetes de comunicación es predecible. Esto permitiría a un atacante conocer el estado del sistema si puede observar el tráfico. Esto sería posible incluso si el tráfico estuviera cifrado, por ejemplo, utilizando WPA2, ya que el tamaño de los paquetes seguiría siendo observable. El esquema de encriptación de las comunicaciones es teóricamente sólido, pero no es lo suficientemente fuerte para el nivel de protección requerido"}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carrier:hills_comnav_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3002-19","matchCriteriaId":"073EE70E-008B-4B42-BC73-129FCC6F4CE5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:carrier:hills_comnav:-:*:*:*:*:*:*:*","matchCriteriaId":"54B62437-9B6B-43DB-B9A1-C8E4091D829D"}]}]}],"references":[{"url":"https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}