Lucene search

[email protected]CVE-2022-27580

HistoryJul 19, 2022 - 4:15 p.m.

CVE-2022-27580

2022-07-1916:15:08

CWE-502

[email protected]

web.nvd.nist.gov

cve-2022-27580

.net

framework

deserialization

vulnerability

safety designer

arbitrary code execution

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.7%

JSON

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.

Affected configurations

NVD

Node

sicksafety_designerRange≤1.11.0

CPENameOperatorVersion
sick:safety_designersick safety designerle1.11.0

CPE	Name	Operator	Version
sick:safety_designer	sick safety designer	le	1.11.0

CNA Affected

[
  {
    "product": "SICK Safety Designer",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions up to and including 1.11.0"
      }
    ]
  }
]

References

sick.com/psirt

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for CVE-2022-27580

cvelist1 prion1 nvd1