Lucene search

[email protected]NVD:CVE-2022-33320

HistoryJul 20, 2022 - 5:15 p.m.

CVE-2022-33320

2022-07-2017:15:08

CWE-502

[email protected]

web.nvd.nist.gov

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.4%

JSON

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a project configuration file including malicious XML codes.

Affected configurations

NVD

Node

iconicsgenesis64Match10.97

iconicsgenesis64Match10.97.1

Node

mitsubishielectricmc_works64Range≤10.95.210.01

References

jvn.jp/vu/JVNVU96480474/index.html

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for NVD:CVE-2022-33320

cve1 zdi2 prion1 cvelist1 ics1