Lucene search

[email protected]CVE-2022-38453

HistorySep 13, 2022 - 3:15 p.m.

CVE-2022-38453

2022-09-1315:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2022-38453

cms8000

binary files

compilation settings

vulnerability

reverse engineering

nvd

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

3.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

10.1%

JSON

Multiple binary application files on the CMS8000 device are compiled with ‘not stripped’ and ‘debug_info’ compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.

CPENameOperatorVersion
contechealth:cms8000_firmwarecontechealth cms8000 firmwareeq-

CPE	Name	Operator	Version
contechealth:cms8000_firmware	contechealth cms8000 firmware	eq	-

References

www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Social References

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

3.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2022-38453

cvelist1 prion1 ics1