Lucene search

[email protected]CVE-2022-2897

HistoryAug 31, 2022 - 9:15 p.m.

CVE-2022-2897

2022-08-3121:15:08

CWE-59

[email protected]

web.nvd.nist.gov

measuresoft

scadapro

server

client

all versions

cve-2022-2897

nvd

privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation…

Affected configurations

NVD

Node

measuresoftscadapro_client

measuresoftscadapro_server

CPENameOperatorVersion
measuresoft:scadapro_clientmeasuresoft scadapro clienteq*
measuresoft:scadapro_servermeasuresoft scadapro servereq*

CPE	Name	Operator	Version
measuresoft:scadapro_client	measuresoft scadapro client	eq	*
measuresoft:scadapro_server	measuresoft scadapro server	eq	*

CNA Affected

[
  {
    "product": "ScadaPro Server and Client ",
    "vendor": "Measuresoft ",
    "versions": [
      {
        "status": "affected",
        "version": "All Versions"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-235-06

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for CVE-2022-2897

zdi6 nvd1 cvelist1 prion1 ics1