CVE-2022-38121: CWE-522 Insufficiently Protected Credentials in POWERCOM CO., LTD. UPSMON PRO

Severity: Medium
Tags: Vulnerability, CVE-2022-38121, cve, cve-2022-38121, cwe-522
Published: Thu Nov 10 2022 (11/10/2022, 02:20:42 UTC)
Source: CVE
Vendor/Project: POWERCOM CO., LTD.
Product: UPSMON PRO

Description

UPSMON PRO configuration file stores user passwords in plaintext under a public user directory. A remote attacker with general user privilege can access all users' and administrators' account names and passwords via this unprotected configuration file.

AI-Powered Analysis

AI analysis last updated: 06/25/2025, 22:41:51 UTC

Technical Analysis

CVE-2022-38121 is a vulnerability identified in POWERCOM CO., LTD.'s UPSMON PRO software, specifically version 2.57. The core issue is that the application's configuration file stores user passwords in plaintext within a publicly accessible user directory. This design flaw corresponds to CWE-522, which refers to insufficient protection of credentials. Because the configuration file is accessible to any user with general (non-administrative) privileges on the system, an attacker who has gained such access can retrieve all stored usernames and passwords, including those of administrators.

The vulnerability does not require user interaction and can be exploited remotely over the network (CVSS vector AV:N), with low attack complexity (AC:L). However, it does require the attacker to have some level of privileges (PR:L), meaning they must already have a foothold on the system as a general user. The impact primarily affects confidentiality, as the attacker can obtain sensitive credentials, but it does not directly affect integrity or availability. No known exploits are reported in the wild, and no patches have been published by the vendor as of the vulnerability disclosure date (November 10, 2022).

The CVSS 3.1 base score is 6.5, categorized as medium severity, reflecting the moderate risk posed by the vulnerability given the prerequisite of user-level access and the lack of direct system disruption. The vulnerability is significant because credential disclosure can lead to privilege escalation, lateral movement, and further compromise of critical infrastructure managed by UPSMON PRO, which is a UPS (Uninterruptible Power Supply) monitoring software used in enterprise environments to ensure power reliability and management.

Potential Impact

For European organizations, the exposure of plaintext credentials in UPSMON PRO can have serious consequences. UPSMON PRO is typically deployed in data centers, industrial control environments, and critical infrastructure facilities to monitor and manage UPS devices. If an attacker gains user-level access to a system running the vulnerable version, they can harvest administrator credentials, potentially leading to full system compromise. This could result in unauthorized control over UPS devices, disrupting power management and potentially causing downtime or damage to sensitive equipment. Confidentiality breaches may also expose internal network credentials, facilitating further lateral movement within the organization’s network. Given the critical role of UPS systems in maintaining power continuity for hospitals, manufacturing plants, and financial institutions, exploitation could indirectly impact availability and operational continuity. The vulnerability's medium severity and requirement for existing user access mean it is more likely to be exploited in targeted attacks or insider threat scenarios rather than opportunistic mass attacks. European organizations with complex IT and OT environments that rely on POWERCOM UPSMON PRO should be particularly vigilant, as compromise could affect both IT infrastructure and operational technology systems.

Mitigation Recommendations

1. Immediate mitigation should include restricting access permissions to the UPSMON PRO configuration directory to the minimum necessary, ensuring that only authorized administrative users can read the configuration files.
2. Implement network segmentation and strict access controls to limit the ability of general users to access systems running UPSMON PRO.
3. Conduct an audit of all systems running UPSMON PRO version 2.57 to identify vulnerable installations.
4. Since no official patch is available, consider deploying compensating controls such as encrypting the configuration files manually or using file system encryption where possible.
5. Monitor logs for unusual access patterns or attempts to read configuration files.
6. Educate users about the risk of credential exposure and enforce strong internal policies to prevent unauthorized user access.
7. Plan for an upgrade or patch deployment once the vendor releases a fix, and maintain communication with POWERCOM for updates.
8. Employ multi-factor authentication (MFA) on administrative accounts to reduce the risk posed by credential disclosure.
9. Regularly rotate passwords stored in UPSMON PRO and other critical systems to limit the window of exposure.
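For mitigations 1 and 3, the following PowerShell audit is an added example, not vendor code or part of the original advisory. It lists ACL entries that let broad Windows groups read a configuration directory. It assumes a Windows host; `$ConfigDir` is a placeholder because the page does not give the real path, and `Get-BroadReadAce` is a hypothetical helper name.

```powershell
# Added example: find ACL entries that let ordinary users read stored credentials.
# Assumption: Windows host. $ConfigDir is a PLACEHOLDER, not the real UPSMON PRO path.
param(
    [string]$ConfigDir = 'C:\PLACEHOLDER\UPSMON-PRO-config'
)

# Well-known SIDs of broad groups (SIDs are locale-independent, names are not).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$ReadMask = [System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Only Allow entries that include the right to read file contents matter here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ($ace.FileSystemRights -band $ReadMask)) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable account: skip, not a broad group
        if ($BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the directory itself and every file beneath it.
$targets  = @(Get-Item -LiteralPath $ConfigDir) +
            @(Get-ChildItem -LiteralPath $ConfigDir -Recurse -File)
$findings = foreach ($t in $targets) { Get-BroadReadAce -Path $t.FullName }
$findings | Format-Table -AutoSize

# Remediation sketch (review before running; the account the monitoring service
# runs as must keep access or the software will stop reading its own settings):
#   icacls $ConfigDir /inheritance:r /grant:r "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-18:(OI)(CI)F"
if ($findings) { exit 1 }   # non-zero exit lets a scheduled audit flag the host
```

An `Inherited` value of `True` means the permissive entry comes from the parent directory, so removing it on the file alone will not hold unless inheritance is also disabled.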

Technical Details

Data Version: 5.1
Assigner Short Name: twcert
Date Reserved: 2022-08-10T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9838c4522896dcbec585

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 6/25/2025, 10:41:51 PM

Last updated: 8/7/2025, 4:26:01 PM
