Lucene search

SchneiderCVELIST:CVE-2022-41670

HistoryNov 04, 2022 - 12:00 a.m.

CVE-2022-41670

2022-11-0400:00:00

CWE-22

schneider

www.cve.org

cwe-22

path traversal

local user privilege

ecostruxure operator terminal expert

pro-face blue

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

16.2%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CNA Affected

[
  {
    "vendor": "Schneider Electric",
    "product": "EcoStruxure Operator Terminal Expert",
    "versions": [
      {
        "version": "V3.3",
        "status": "affected",
        "lessThanOrEqual": "Hotfix 1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Schneider Electric",
    "product": "Pro-face BLUE",
    "versions": [
      {
        "version": "V3.3",
        "status": "affected",
        "lessThanOrEqual": "Hotfix 1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2022-284-01/

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

16.2%

JSON

Related for CVELIST:CVE-2022-41670