Lucene search

PRIOn knowledge basePRION:CVE-2022-3377

HistoryNov 15, 2022 - 9:15 p.m.

Design/Logic Flaw

2022-11-1521:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

18.2%

JSON

Horner Automation’s Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.

CPENameOperatorVersion
cscapeeq9.90
cscapeeq9.90 sp1
cscapeeq9.90 sp2
cscapeeq9.90 sp3
cscapelt9.90
cscapeeq9.90 sp4
cscapeeq9.90 sp5
cscapeeq9.90 sp6

Name	Operator	Version
cscape	eq	9.90
cscape	eq	9.90 sp1
cscape	eq	9.90 sp2
cscape	eq	9.90 sp3
cscape	lt	9.90
cscape	eq	9.90 sp4
cscape	eq	9.90 sp5
cscape	eq	9.90 sp6

References

www.cisa.gov/uscert/ics/advisories/icsa-22-277-03

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

18.2%

JSON

Related for PRION:CVE-2022-3377