admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/46xxx/CVE-2022-46660.json

112 lines
4.5 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2022-12-15 19:01:02 +00:00
{
"-Synchronized-Data."
2023-01-18 00:00:44 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2022-12-15 19:01:02 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-46660",
"-Synchronized-Data."
2023-01-18 00:00:44 +00:00
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
"-Synchronized-Data."
2022-12-15 19:01:02 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2023-01-18 00:00:44 +00:00
"value": "An unauthorized user could alter or write files with full control over the path and content of the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GE Digital ",
"product": {
"product_data": [
{
"product_name": "Proficy Historian",
"version": {
"version_data": [
{
"version_value": "7.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01",
"refsource": "MISC",
"name": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\">Proficy Historian 2023</a>&nbsp;<span style=\"background-color: var(--wht);\">to mitigate these vulnerabilities. &nbsp;SIMs have also been released for all affected versions.</span><p>Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\">this notification document from GE Digital</a><span style=\"background-color: var(--wht);\">.&nbsp;&nbsp;</span></p>"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
"-Synchronized-Data."
2022-12-15 19:01:02 +00:00
}
]
}
}
Reference in New Issue Copy Permalink