Aug 16, 2022 - 12:00 a.m.

CVE-2022-2759

2022-08-16 00:00:00
CWE-611
icscert
www.cve.org
delta electronics
dras
xml entity
attack
sensitive information

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score: 8.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 57.0%)

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.

CNA Affected

[
  {
    "product": "Delta Robot Automation Studio (DRAS)",
    "vendor": "Delta Electronics",
    "versions": [
      {
        "lessThan": "1.13.20",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]
