admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/2xxx/CVE-2022-2952.json

107 lines
4.6 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2022-08-22 20:00:45 +00:00
{
"-Synchronized-Data."
2022-12-07 23:00:35 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2022-08-22 20:00:45 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-2952",
"-Synchronized-Data."
2022-12-07 23:00:35 +00:00
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"-Synchronized-Data."
2022-08-22 20:00:45 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2022-12-07 23:00:35 +00:00
"value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer",
"cweId": "CWE-824"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE",
"product": {
"product_data": [
{
"product_name": "CIMPLICITY",
"version": {
"version_data": [
{
"version_value": "0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>GE recommends users refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\">CIMPLICITY Secure Deployment Guide</a>&nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. </p><p>For more information about this issue, see the GE Digital Product <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\">Security Advisory</a>&nbsp;(login required). </p><p>For further questions, users should contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\">GE</a>. </p>\n\n<br>"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
"-Synchronized-Data."
2022-08-22 20:00:45 +00:00
}
]
}
}
Reference in New Issue Copy Permalink