Lucene search

[email protected]NVD:CVE-2022-48217

HistoryJan 04, 2023 - 7:15 p.m.

CVE-2022-48217

2023-01-0419:15:09

CWE-75

[email protected]

web.nvd.nist.gov

tf_remapper_node

ros

security vulnerability

tf_topic_name

parameter

robot operating system

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

62.3%

JSON

The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot’s behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor’s position is “it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not.”

Affected configurations

Nvd

Node

tradr-projecttf_remapperMatch1.1.1robot_operating_system

VendorProductVersionCPE
tradr-projecttf_remapper1.1.1cpe:2.3:a:tradr-project:tf_remapper:1.1.1:*:*:*:*:robot_operating_system:*:*

Vendor	Product	Version	CPE
tradr-project	tf_remapper	1.1.1	cpe:2.3:a:tradr-project:tf_remapper:1.1.1:::::robot_operating_system::

References

github.com/tradr-project/tf_remapper_cpp/issues/1

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

62.3%

JSON

Related for NVD:CVE-2022-48217

prion1 cve1 cvelist1 vulnrichment1