Lucene search

[email protected]NVD:CVE-2022-3388

HistoryNov 21, 2022 - 7:15 p.m.

CVE-2022-3388

2022-11-2119:15:13

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-3388

input validation

microscada pro

microscada x sys600

remote code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

32.6%

JSON

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role.

Affected configurations

NVD

Node

hitachienergymicroscada_pro_sys600Match9.0

hitachienergymicroscada_pro_sys600Match9.1

hitachienergymicroscada_pro_sys600Match9.2

hitachienergymicroscada_pro_sys600Match9.3

hitachienergymicroscada_pro_sys600Match9.4

hitachienergymicroscada_x_sys600Match10

hitachienergymicroscada_x_sys600Match10.1

hitachienergymicroscada_x_sys600Match10.1.1

hitachienergymicroscada_x_sys600Match10.2

hitachienergymicroscada_x_sys600Match10.2.1

hitachienergymicroscada_x_sys600Match10.3

hitachienergymicroscada_x_sys600Match10.3.1

hitachienergymicroscada_x_sys600Match10.4

References

search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for NVD:CVE-2022-3388

cnvd1 prion1 cve1 ics1 cvelist1