Lucene search

[email protected]NVD:CVE-2022-41976

HistoryApr 10, 2023 - 3:15 p.m.

CVE-2022-41976

2023-04-1015:15:07

[email protected]

web.nvd.nist.gov

cve-2022-41976

scada-lts

privilege escalation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.

Affected configurations

Nvd

Node

scada-ltsscada-ltsRange<2.7.3

VendorProductVersionCPE
scada-ltsscada-lts*cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scada-lts	scada-lts	*	cpe:2.3:a:scada-lts:scada-lts::::::::

References

scada-lts.org/

github.com/SCADA-LTS/Scada-LTS/releases

m3n0sd0n4ld.blogspot.com/2022/11/scada-lts-privilege-escalation-cve-2022.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Related for NVD:CVE-2022-41976

cve1 prion1 osv1 cvelist1