{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22537", "assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "state": "PUBLISHED", "assignerShortName": "S21sec", "dateReserved": "2026-01-07T14:01:04.828Z", "datePublished": "2026-01-07T17:05:41.610Z", "dateUpdated": "2026-01-07T17:23:18.255Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "QC 60/90/120", "vendor": "EFACEC", "versions": [{"status": "affected", "version": "8"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aar\u00f3n Flecha Men\u00e9ndez"}, {"lang": "en", "type": "finder", "value": "Iv\u00e1n Alonso \u00c1lvarez"}, {"lang": "en", "type": "finder", "value": "V\u00edctor Bello Cuevas"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker."}], "value": "The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker."}], "impacts": [{"descriptions": [{"lang": "en", "value": "CAPEC\u2011118: Sniffing Network Traffic"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497: Exposure of sensitive system information to an unauthorized control sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "shortName": "S21sec", "dateUpdated": "2026-01-07T17:05:41.610Z"}, "references": [{"url": "https://cds.thalesgroup.com/en"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_ICS", "x_Charger"], "title": "INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T17:23:07.591539Z", "id": "CVE-2026-22537", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:23:18.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22537", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T17:23:07.591539Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:23:13.854Z"}}], "cna": {"tags": ["x_ICS", "x_Charger"], "title": "INFORMATION DISCLOSURE WITHIN THE OPERATING SYSTEM", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Aar\u00f3n Flecha Men\u00e9ndez"}, {"lang": "en", "type": "finder", "value": "Iv\u00e1n Alonso \u00c1lvarez"}, {"lang": "en", "type": "finder", "value": "V\u00edctor Bello Cuevas"}], "impacts": [{"descriptions": [{"lang": "en", "value": "CAPEC\u2011118: Sniffing Network Traffic"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "EFACEC", "product": "QC 60/90/120", "versions": [{"status": "affected", "version": "8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cds.thalesgroup.com/en"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker.", "supportingMedia": [{"type": "text/html", "value": "The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497: Exposure of sensitive system information to an unauthorized control sphere"}]}], "providerMetadata": {"orgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "shortName": "S21sec", "dateUpdated": "2026-01-07T17:05:41.610Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22537", "state": "PUBLISHED", "dateUpdated": "2026-01-07T17:23:18.255Z", "dateReserved": "2026-01-07T14:01:04.828Z", "assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6", "datePublished": "2026-01-07T17:05:41.610Z", "assignerShortName": "S21sec"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker."}, {"lang": "es", "value": "La falta de endurecimiento del sistema permite al usuario utilizado para gestionar y mantener el cargador consultar diferentes archivos que contienen credenciales en texto claro o informaci\u00f3n valiosa para un atacante."}], "id": "CVE-2026-22537", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "50b5080a-775f-442e-83b5-926b5ca517b6", "type": "Secondary"}]}, "published": "2026-01-07T17:16:03.917", "references": [{"source": "50b5080a-775f-442e-83b5-926b5ca517b6", "url": "https://cds.thalesgroup.com/en"}], "sourceIdentifier": "50b5080a-775f-442e-83b5-926b5ca517b6", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "50b5080a-775f-442e-83b5-926b5ca517b6", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T08:05:38.584390+00:00", "value": {"mitigation_remediation": ["Restrict file system permissions so that only authorized users can read credential files", "Remove or encrypt clear\u2011text credential files from the system", "Apply operating system hardening best practices to close exposed file locations", "Monitor system logs for unauthorized file access attempts"], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects systems running EFACEC QC 60, QC 90, and QC 120 firmware. No specific version numbers are disclosed, so the entire product line may be vulnerable until hardening measures are applied.", "description_and_impact": "The vulnerability arises from a lack of hardening in the operating system, enabling the user assigned to manage and maintain the charger to access a variety of files that contain clear\u2011text credentials and other sensitive information. This can lead to unauthorized disclosure of authentication details and asset data, potentially compromising the integrity and confidentiality of the surrounding environment. The weakness is cataloged as CWE\u2011497, indicating improper handling of data that may be exposed to privileged users.", "risk_and_exploitability": "With a CVSS v3 score of 6.8, the severity is moderate, reflecting the potential impact if an attacker gains sufficient access. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or privileged, requiring an operator or maintenance user to read the exposed files. Despite the low exploitation probability, the nature of the disclosed information warrants urgent remediation."}}}}, "created": "2026-01-08T09:48:30.992591+00:00", "updated": "2026-04-18T08:15:15.886300+00:00", "vendors": ["efacec", "efacec$PRODUCT$qc_120", "efacec$PRODUCT$qc_60", "efacec$PRODUCT$qc_90"]}