CVE-2022-50981
Default Password Vulnerability Allows Remote Full Access on Devices
Publication date: 2026-02-02
Last updated on: 2026-02-02
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 1.4.1074 (inc) to 1.4.1116 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 1.5.1074 (inc) to 1.5.1116 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 2.1.1340 (inc) to 2.1.1387 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline | From 2.1.1866 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline_configurator | From 5.0.2416 (inc) to 5.0.2486 (inc) |
| ids_innomic_schwingungsmesstechnik_gmbh | vibroline_configurator | to 5.1.2730 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to gain full access to affected devices because these devices are shipped without a password by default, and setting a password is not enforced.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain complete control over the affected devices remotely without any authentication, potentially leading to full compromise of the device's confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
Set a strong password on the affected devices immediately, as they are shipped without a password by default and do not enforce setting one.