CVE-2022-2002

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 - Third Party Advisory, US Government Resource
Summary		(es) GE CIMPICITY versiones 2022 y anteriores es vulnerable cuando los datos de la dirección defectuosa controlan el flujo de código que comienza en gmmiObj!CGmmiOptionContainer, lo que podría permitir a un atacante ejecutar código arbitrario.

Information

Published : 2022-12-07 23:15

Updated : 2024-11-21 07:00

NVD link : CVE-2022-2002

Mitre link : CVE-2022-2002

CVE.ORG link : CVE-2022-2002

JSON object : View

Products Affected

ge

cimplicity

CWE

CWE-822

Untrusted Pointer Dereference

{"id": "CVE-2022-2002", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-12-07T23:15:09.850", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-822"}]}], "descriptions": [{"lang": "en", "value": "GE CIMPICITY versions 2022 and prior is \n\n\n\nvulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. \n\n \n\n \n\n"}, {"lang": "es", "value": "GE CIMPICITY versiones 2022 y anteriores es vulnerable cuando los datos de la direcci\u00f3n defectuosa controlan el flujo de c\u00f3digo que comienza en gmmiObj!CGmmiOptionContainer, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."}], "lastModified": "2024-11-21T07:00:09.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52563130-3092-4815-97A4-D6E95961DD7F", "versionEndIncluding": "2022"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}