Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSWICVE-2022-46649
HistoryFeb 10, 2023 - 6:15 p.m.

CVE-2022-46649

2023-02-1018:15:13
CWE-78
SWI
web.nvd.nist.gov
35
acemanager
aleos
cve-2022-46649
ip logging
shell command
device security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.

Affected configurations

Nvd
Node
sierrawirelesses450Match-
OR
sierrawirelessgx450Match-
AND
sierrawirelessaleosRange4.9.7
Node
sierrawirelesslx40Match-
OR
sierrawirelesslx60Match-
OR
sierrawirelessmp70Match-
OR
sierrawirelessrv50Match-
OR
sierrawirelessrv50xMatch-
OR
sierrawirelessrv55Match-
AND
sierrawirelessaleosRange4.16.0
VendorProductVersionCPE
sierrawirelesses450-cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
sierrawirelessgx450-cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*
sierrawirelessaleos*cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
sierrawirelesslx40-cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
sierrawirelesslx60-cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
sierrawirelessmp70-cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
sierrawirelessrv50-cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*
sierrawirelessrv50x-cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
sierrawirelessrv55-cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ALEOS",
    "versions": [
      {
        "version": "all versions before 4.16",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
ics 1
trellix 2
thn 1
cvelist
cvelist
CVE-2022-46649
2023-02-10 00:00:00
prion
prion
Command injection
2023-02-10 18:15:00
nvd
nvd
CVE-2022-46649
2023-02-10 18:15:13
ics
ics
Sierra Wireless AirLink Router with ALEOS Software
2023-01-26 12:00:00
trellix
trellix
Industrial and Manufacturing CVEs: Addressing the SCADA in the Room
2023-05-22 00:00:00
Industrial and Manufacturing CVEs: Addressing the SCADA in the Room
2023-05-22 00:00:00
thn
thn
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
2023-02-09 14:09:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON
Related for CVE-2022-46649
cvelist1prion1nvd1ics1trellix2thn1