CVE-2024-22085: n/a
CVE-2024-22085 is a medium severity vulnerability affecting Elspec G5 digital fault recorder versions 1.1.4.15 and earlier, where the shadow file is world readable. This misconfiguration allows any local user to read the shadow file, which contains hashed password data, potentially leading to credential compromise. The vulnerability requires local access to the device and does not need user interaction or privileges. Exploitation could result in disclosure of sensitive authentication information, impacting confidentiality but not integrity or availability. No known exploits are currently reported in the wild. Organizations using Elspec G5 devices should prioritize restricting file permissions and applying any available patches or configuration changes to mitigate risk. Countries with significant deployment of Elspec G5 in critical infrastructure sectors are at higher risk.
AI Analysis
Technical Summary
CVE-2024-22085 identifies a security vulnerability in Elspec G5 digital fault recorders, specifically versions 1.1.4.15 and earlier. The issue arises because the shadow file, which stores hashed user passwords, is configured with world-readable permissions. This means that any user with local access to the device can read the shadow file contents without requiring authentication or elevated privileges. The shadow file typically contains sensitive password hashes that, if obtained, could be subjected to offline cracking attempts to reveal plaintext passwords. The vulnerability is classified under CWE-276 (Incorrect Default Permissions), indicating a failure to properly restrict access to sensitive files. The CVSS v3.1 base score is 6.2, with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). There are no known exploits in the wild at this time, and no patches have been linked yet. However, the exposure of the shadow file represents a significant confidentiality risk, especially in environments where these devices are deployed to monitor and record fault conditions in electrical grids or industrial control systems. The vulnerability does not directly affect system integrity or availability but could facilitate further attacks if credentials are compromised.
Potential Impact
The primary impact of CVE-2024-22085 is the potential disclosure of hashed password data from the shadow file on Elspec G5 digital fault recorders. If an attacker gains local access to the device, they can read this file and attempt offline password cracking, potentially leading to unauthorized access to the device or related systems. This compromises confidentiality and could enable lateral movement within critical infrastructure networks. While the vulnerability does not affect system integrity or availability directly, compromised credentials could allow attackers to manipulate device configurations or disrupt monitoring functions. Given that digital fault recorders are often deployed in electrical utilities and industrial environments, exploitation could indirectly impact operational reliability and safety. The requirement for local access limits the attack surface but does not eliminate risk, especially in environments where physical or network access controls are weak. Organizations relying on these devices could face increased risk of credential theft and subsequent targeted attacks against critical infrastructure.
Mitigation Recommendations
To mitigate CVE-2024-22085, organizations should immediately audit file permissions on Elspec G5 devices to ensure the shadow file is not world-readable. Restrict access to the shadow file to only necessary system processes and administrators by setting appropriate Unix file permissions (e.g., 600 or more restrictive). Implement strict physical and network access controls to limit local access to authorized personnel only. Monitor device logs and access patterns for any suspicious activity indicating attempts to access sensitive files. If available, apply firmware or software updates from Elspec that address this permission misconfiguration. In the absence of official patches, consider deploying host-based intrusion detection systems (HIDS) to alert on unauthorized file access. Additionally, enforce strong password policies and consider multi-factor authentication where possible to reduce the risk of credential compromise. Regularly review and update device configurations as part of a broader industrial control system security program.
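The permission audit and the `600` setting recommended above, as an added shell example (not Elspec's code and not part of the original advisory). It assumes the file is at `/etc/shadow`, which the advisory does not state, and `audit_shadow` and `harden_shadow` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit the shadow file's mode and tighten it to 600.
# Assumption: the path is /etc/shadow (the advisory names no path);
# override with SHADOW_PATH. Function names are hypothetical helpers.
SHADOW_PATH="${SHADOW_PATH:-/etc/shadow}"

# Return 0 if "others" have no access, 1 if they do (the CVE-2024-22085
# condition when the read bit is set), 2 if the file does not exist.
audit_shadow() {
    f="${1:-$SHADOW_PATH}"
    [ -e "$f" ] || { echo "MISSING    $f"; return 2; }
    # ls -ld prints e.g. "-rw-r--r--"; chars 5-7 are group, 8-10 are other.
    # Parsing ls avoids depending on a particular stat(1) syntax.
    mode=$(ls -ld "$f" | cut -c1-10)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    case "$other" in
        r*)  echo "VULNERABLE $f ($mode): world-readable"; return 1 ;;
        ---) ;;
        *)   echo "WEAK       $f ($mode): others have access"; return 1 ;;
    esac
    # 600 is the advisory's target; group access is reported, not failed.
    [ "$group" = "---" ] || echo "NOTE       $f ($mode): group has access"
    echo "OK         $f ($mode): not accessible to others"
    return 0
}

# Set mode 600 (owner read/write only) and re-run the audit to confirm.
harden_shadow() {
    f="${1:-$SHADOW_PATH}"
    chmod 600 "$f" || return 3
    audit_shadow "$f"
}

# Usage on the device (as root):  audit_shadow || harden_shadow
```

A manual permission change may not survive a firmware reinstall or reset, so re-run the audit after any update.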
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Japan, South Korea, Brazil, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-05T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d49b7ef31ef0b570011
Added to database: 2/25/2026, 9:44:41 PM
Last enriched: 2/26/2026, 10:04:41 AM
Last updated: 2/26/2026, 11:09:14 AM