CVE-2022-47311 Information

Description

A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist then it sends a value for username and password which allows successful authentication for a connection.

Reference

https://dataprobe.com/support/iboot-pdu/local_upgrade_pdu_procedure.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-22-263-03