How to fix CVE-2022-50981?

Within 24 hours: Identify all affected devices in your environment and isolate them from production networks if possible. Within 7 days: Enforce strong password configuration on every affected device and document completion. Within 30 days: Evaluate replacement or alternative solutions with the vendor and implement network access controls to restrict device administration.

CVE-2022-50981

CRITICAL

2026-02-02 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

CVE Published

Feb 02, 2026 - 15:16 nvd

CRITICAL 9.8

Description

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.

Analysis

No password by default on industrial device — ships without any authentication, and setting a password is not enforced. Unauthenticated remote full access.

Technical Context

CWE-306 missing authentication. Device is accessible without any password in factory configuration.

Affected Products

['Affected industrial device']

Remediation

Set a strong password immediately. Apply vendor firmware update.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

CVE-2022-50981 vulnerability details – vuln.today

Back

CVE-2022-50981

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2022-50981

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code