Information disclosure

2022-11-0405:15:00

PRIOn knowledge base

www.prio-n.com

cwe-347

cryptographic signature

adversaries

local user privileges

dll

malicious code

ecostruxure operator terminal expert

pro-face blue

vulnerability

nvd

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CPENameOperatorVersion
ecostruxure_operator_terminal_experteq3.3
ecostruxure_operator_terminal_expertlt3.3
pro-face_blueeq3.3
pro-face_bluelt3.3

Name	Operator	Version
ecostruxure_operator_terminal_expert	eq	3.3
ecostruxure_operator_terminal_expert	lt	3.3
pro-face_blue	eq	3.3
pro-face_blue	lt	3.3

References

www.se.com/ww/en/download/document/SEVD-2022-284-01/