CVE-2022-33318

2022-07-2017:15:08

CWE-502

[email protected]

web.nvd.nist.gov

deserialization

vulnerability

iconics

mitsubishi electric

arbitrary code

remote attacker

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.0%

JSON

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to execute an arbitrary malicious code by sending specially crafted packets to the GENESIS64 server.

Affected configurations

Nvd

Node

iconicsgenesis64Match10.97

iconicsgenesis64Match10.97.1

Node

mitsubishielectricmc_works64Range≤10.95.210.01

VendorProductVersionCPE
iconicsgenesis6410.97cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
iconicsgenesis6410.97.1cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:*
mitsubishielectricmc_works64*cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iconics	genesis64	10.97	cpe:2.3:a:iconics:genesis64:10.97:::::::*
iconics	genesis64	10.97.1	cpe:2.3:a:iconics:genesis64:10.97.1:::::::*
mitsubishielectric	mc_works64	*	cpe:2.3:a:mitsubishielectric:mc_works64::::::::