Lucene search

[email protected]NVD:CVE-2022-33316

HistoryJul 20, 2022 - 5:15 p.m.

CVE-2022-33316

2022-07-2017:15:08

CWE-502

[email protected]

web.nvd.nist.gov

deserialization vulnerability

iconics genesis64

mitsubishi electric mc works64

unauthenticated attacker

arbitrary code execution

xaml code.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.

Affected configurations

NVD

Node

iconicsgenesis64Match10.97

iconicsgenesis64Match10.97.1

Node

mitsubishielectricmc_works64Range≤10.95.210.01

References

jvn.jp/vu/JVNVU96480474/index.html

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.2%

JSON

Related for NVD:CVE-2022-33316

zdi1 cve1 cvelist1 prion1 ics1