CVE-2024-22084 is a vulnerability identified in Elspec G5 digital fault recorders, specifically versions 1.1.4.15 and earlier. The core issue is the exposure of sensitive authentication data—cleartext passwords and password hashes—within log files generated by the device. These log files are accessible remotely over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability is classified under CWE-312, which concerns the storage or transmission of sensitive information in an insecure manner. The exposure of credentials in cleartext or weakly hashed form significantly increases the risk of unauthorized access, as attackers can extract these credentials and potentially compromise the device or connected systems. The vulnerability does not impact the integrity or availability of the device directly but poses a critical confidentiality risk. No patches or fixes have been released at the time of publication, and no active exploitation has been reported. The Elspec G5 digital fault recorder is commonly deployed in electrical power systems for fault detection and analysis, making this vulnerability particularly relevant to critical infrastructure protection. The ease of exploitation combined with the sensitivity of the exposed data justifies the high severity rating and CVSS score of 7.5.

The primary impact of CVE-2024-22084 is the compromise of confidentiality due to exposure of cleartext passwords and hashes in log files accessible remotely without authentication. Attackers who obtain these credentials can gain unauthorized access to the Elspec G5 devices, potentially allowing them to manipulate fault recording data, disrupt monitoring capabilities, or pivot to other systems within the network. This can undermine the reliability and security of electrical grid monitoring, leading to delayed fault detection or incorrect fault analysis. While the vulnerability does not directly affect system integrity or availability, the indirect consequences of unauthorized access could include sabotage or espionage within critical infrastructure environments. Organizations worldwide that rely on Elspec G5 devices for power system monitoring are at risk, especially those with insufficient network segmentation or weak access controls. The lack of patches increases the window of exposure, emphasizing the need for immediate mitigation. The energy sector, including utilities and grid operators, is particularly vulnerable due to the strategic importance of these devices in maintaining grid stability and safety.

To mitigate CVE-2024-22084, organizations should immediately restrict network access to Elspec G5 digital fault recorders, ensuring that log files are not accessible from untrusted networks or the internet. Implement strict network segmentation and firewall rules to limit access to management interfaces and log storage locations. Monitor access logs for unusual or unauthorized attempts to retrieve log files. If possible, disable or restrict logging of sensitive information until a patch is available. Employ strong physical security controls to prevent local access to devices. Coordinate with Elspec or authorized vendors to obtain updates or patches as soon as they are released. Additionally, consider deploying intrusion detection systems (IDS) to detect anomalous activities targeting these devices. Conduct regular audits of device configurations and log file permissions to ensure sensitive data is protected. Finally, educate operational technology (OT) and security teams about this vulnerability to enhance incident response readiness.