CVE-2022-22557
Description
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell PowerStore stores passwords in plain text, allowing a locally authenticated attacker to disclose credentials and escalate privileges.
Vulnerability
Dell PowerStore X and T environments running versions 2.0.0.x and 2.0.1.x contain a plain-text password storage vulnerability [1]. The affected software stores certain user credentials in an unencrypted form, making them accessible to an attacker with local access to the system.
Exploitation
An attacker must have local authentication to the PowerStore system (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) [1]. With high privileges, the attacker can read the stored plain-text passwords from the system's configuration or database files. No user interaction is required.
Impact
Successful exploitation leads to the disclosure of user credentials [1]. The attacker can then use these credentials to access the vulnerable application with the privileges of the compromised account, potentially gaining full control over the system (high confidentiality, integrity, and availability impact) [1].
Mitigation
Dell has released a security update as part of DSA-2022-014 to address this vulnerability [1]. Users should upgrade to the latest version of PowerStore. No workaround is available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: >= 2.0.0, <= 2.0.1.x
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.dell.com/support/kbdoc/000196367mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.