CVE-2022-41989

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:24

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 9.0
Summary		(es) Real-Time Location System (RTLS) Studio de Sewio, versión 2.0.0 hasta la versión 2.6.2 incluida, no valida la longitud de los payloads del informe RTLS durante la comunicación. Esto permite a un atacante enviar un payload excesivamente larga, lo que da como resultado una escritura fuera de los límites que provoca una condición de denegación de servicio o la ejecución de código.

Information

Published : 2023-01-18 01:15

Updated : 2024-11-21 07:24

NVD link : CVE-2022-41989

Mitre link : CVE-2022-41989

CVE.ORG link : CVE-2022-41989

JSON object : View

Products Affected

sewio

real-time_location_system_studio

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-41989", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-18T01:15:11.960", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.\n\n"}, {"lang": "es", "value": "Real-Time Location System (RTLS) Studio de Sewio, versi\u00f3n 2.0.0 hasta la versi\u00f3n 2.6.2 incluida, no valida la longitud de los payloads del informe RTLS durante la comunicaci\u00f3n. Esto permite a un atacante enviar un payload excesivamente larga, lo que da como resultado una escritura fuera de los l\u00edmites que provoca una condici\u00f3n de denegaci\u00f3n de servicio o la ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2024-11-21T07:24:13.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1971DCDC-FA83-4823-B385-6409E5D6CA94", "versionEndIncluding": "2.6.2", "versionStartIncluding": "2.0.0."}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}