{"api_version":"1","generated_at":"2026-07-14T18:36:01+00:00","cve":"CVE-2022-4312","urls":{"html":"https://cve.report/CVE-2022-4312","api":"https://cve.report/api/cve/CVE-2022-4312.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-4312","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-4312"},"summary":{"title":"CVE-2022-4312","description":"A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could\nallow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files\nto discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.\nSuccessful exploitation of this vulnerability could allow an unauthorized user access to the underlying email\naccount and SIM card.","state":"PUBLISHED","assigner":"icscert","published_at":"2022-12-12 18:15:13","updated_at":"2026-07-09 18:32:08"},"problem_types":["CWE-312","CWE-522","CWE-312 CWE-312 Cleartext Storage of Sensitive Information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ics-cert@hq.dhs.gov","type":"Secondary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7","name":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"],"title":"Security bulletin","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-4312","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4312","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"ARC Informatique","product":"PcVue","version":"affected 8.10 15.2.3 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"ARC Informatique","lang":"en"}],"nvd_cpes":[{"cve_year":"2022","cve_id":"4312","vulnerable":"1","versionEndIncluding":"15.2.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"arcinfo","cpe5":"pcvue","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2022","cve_id":"4312","cve":"CVE-2022-4312","epss":"0.001140000","percentile":"0.017810000","score_date":"2026-07-13","updated_at":"2026-07-14 00:13:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T01:34:50.159Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2022-4312","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-04-14T17:44:58.764003Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-04-14T18:00:16.760Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"PcVue","vendor":"ARC Informatique","versions":[{"lessThanOrEqual":"15.2.3","status":"affected","version":"8.10","versionType":"custom"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"ARC Informatique"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nA cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could\nallow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files\nto discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.\nSuccessful exploitation of this vulnerability could allow an unauthorized user access to the underlying email\naccount and SIM card.\n\n"}],"value":"\nA cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could\nallow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files\nto discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.\nSuccessful exploitation of this vulnerability could allow an unauthorized user access to the underlying email\naccount and SIM card.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-312","description":"CWE-312 Cleartext Storage of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-12-12T17:10:22.202Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"tags":["vendor-advisory"],"url":"https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1171-security-bulletin-2022-7"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2022-4312","datePublished":"2022-12-12T17:10:22.202Z","dateReserved":"2022-12-06T19:08:58.863Z","dateUpdated":"2025-04-14T18:00:16.760Z","requesterUserId":"4bacbe59-ded0-410b-af09-0c6f387b5ddc","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2022-12-12 18:15:13","lastModifiedDate":"2026-07-09 18:32:08","problem_types":["CWE-312","CWE-522","CWE-312 CWE-312 Cleartext Storage of Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-14T17:44:58.764003Z","id":"CVE-2022-4312","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*","versionStartIncluding":"8.10","versionEndIncluding":"15.2.3","matchCriteriaId":"027DA82C-B1DC-4EAD-8D50-596394AF657A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"4312","Ordinal":"1","Title":"CVE-2022-4312","CVE":"CVE-2022-4312","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"4312","Ordinal":"1","NoteData":"A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could\nallow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files\nto discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.\nSuccessful exploitation of this vulnerability could allow an unauthorized user access to the underlying email\naccount and SIM card.","Type":"Description","Title":"CVE-2022-4312"}]}}}