History: Aug 23, 2022 - 12:00 a.m.

CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write

2022-08-23 00:00:00
CWE-787
icscert
www.cve.org
measuresoft
scadapro server
out-of-bounds write
activex control
vulnerability

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 33.2%

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.

CNA Affected

[
  {
    "product": "ScadaPro Server",
    "vendor": "Measuresoft ",
    "versions": [
      {
        "lessThan": "6.8.0.1",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]
