Information disclosure

2022-11-0413:15:00

PRIOn knowledge base

www.prio-n.com

cwe-347

information disclosure

sgiutility

local user

privilege escalation

ecostruxure operator terminal expert

pro-face blue

dll

malicious code.

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CPENameOperatorVersion
ecostruxure_operator_terminal_experteq3.3
ecostruxure_operator_terminal_expertlt3.3
ecostruxure_operator_terminal_experteq3.3 hotfix1
pro-face_blueeq3.3
pro-face_bluelt3.3
pro-face_blueeq3.3 hotfix1

Name	Operator	Version
ecostruxure_operator_terminal_expert	eq	3.3
ecostruxure_operator_terminal_expert	lt	3.3
ecostruxure_operator_terminal_expert	eq	3.3 hotfix1
pro-face_blue	eq	3.3
pro-face_blue	lt	3.3
pro-face_blue	eq	3.3 hotfix1

References

www.se.com/ww/en/download/document/SEVD-2022-284-01/