Lucene search

K
cve[email protected]CVE-2022-2866
HistoryAug 31, 2022 - 4:15 p.m.

CVE-2022-2866

2022-08-3116:15:11
CWE-787
web.nvd.nist.gov
31
4
fatek
fvdesigner
cve-2022-2866
vulnerability
arbitrary code execution
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.6%

FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution.

Affected configurations

NVD
Node
fatekfvdesignerRange1.5.103

CNA Affected

[
  {
    "product": "FvDesigner",
    "vendor": "FATEK Automation",
    "versions": [
      {
        "lessThanOrEqual": "1.5.103",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.6%

Related for CVE-2022-2866