CVE-2022-33317
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.5%
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| iconics:genesis64 | iconics genesis64 | eq | 10.97 |
| iconics:genesis64 | iconics genesis64 | eq | 10.97.1 |
CNA Affected
[
{
"product": "ICONICS GENESIS64; Mitsubishi Electric MC Works64",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ICONICS GENESIS64 versions 10.97.1 and prior"
},
{
"status": "affected",
"version": "Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior"
}
]
}
]References
Social References
More
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.5%