Lucene search

SchneiderCVELIST:CVE-2022-37302

HistorySep 13, 2022 - 9:35 a.m.

CVE-2022-37302

2022-09-1309:35:12

CWE-119

schneider

www.cve.org

cwe-119

ecostruxure control expert

vulnerability

crash

project file

affected products

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.8%

JSON

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).

CNA Affected

[
  {
    "product": "EcoStruxure Control Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "15.1",
        "status": "affected",
        "version": "HF001",
        "versionType": "custom"
      }
    ]
  }
]

References

www.se.com/us/en/download/document/SEVD-2022-221-03/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.8%

JSON

Related for CVELIST:CVE-2022-37302