Cyber Resilience

CVE-2022-22833

High · Public PoC

Published: 06 February 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2472 (96.3rd percentile)
Risk Priority: 30 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-22833 is a high-severity vulnerability in Servisnet Tessa with no weakness type (CWE) specified. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 3.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-22833 is an information disclosure vulnerability affecting Servisnet Tessa version 0.0.2. The flaw allows an unauthenticated remote attacker to retrieve sensitive data by issuing a simple request to the /js/app.js endpoint, which exposes credentials and other internal configuration details without any access controls.

An attacker with network access can exploit the issue to obtain MQTT credentials and related secrets. This enables further attacks such as unauthorized access to messaging infrastructure or lateral movement within the affected environment, consistent with the CVSS 7.5 rating reflecting high confidentiality impact and low attack complexity.

Public exploit code and proof-of-concept reports have been published on sites including Exploit-DB and Packet Storm, confirming the vulnerability can be triggered with a single unauthenticated HTTP request. The associated EPSS score has remained near 0.25 with only minimal fluctuation between its recorded peak and current values.


Vulnerability details

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: servisnet · Product: tessa · Version: 0.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
