CVE-2022-3263

2022-09-2319:15:14

CWE-284

CWE-276

[email protected]

web.nvd.nist.gov

cve-2022-3263

measuresoft scadapro server

security descriptor

permissions

privilege escalation

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges.

Affected configurations

NVD

Node

measuresoftscadapro_serverMatch6.7

CPENameOperatorVersion
measuresoft:scadapro_servermeasuresoft scadapro servereq6.7

CPE	Name	Operator	Version
measuresoft:scadapro_server	measuresoft scadapro server	eq	6.7

CNA Affected

[
  {
    "product": "ScadaPro Server",
    "vendor": "Measuresoft ",
    "versions": [
      {
        "status": "affected",
        "version": "6.7"
      }
    ]
  }
]