cvelist/2022/25xxx/CVE-2022-25959.json

{
    "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2022-03-29T19:11:00.000Z",
        "ID": "CVE-2022-25959",
        "STATE": "PUBLIC",
        "TITLE": "Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "CX-Position",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2.5.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Omron"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",
                "refsource": "CONFIRM",
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
            },
            {
                "refsource": "MISC",
                "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/",
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
        }
    ],
    "source": {
        "advisory": "ICSA-22-088-02",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC": "2022-03-29T19:11:00.000Z",`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`"ID": "CVE-2022-25959",`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer"`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`},`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "CX-Position",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.5.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Omron"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"`
			`}`
			`]`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`}`
			`]`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"`
"-Synchronized-Data." 2022-04-05 16:01:32 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/",`
			`"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-577/"`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."`
			`}`
			`],`
			`"source": {`
			`"advisory": "ICSA-22-088-02",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`}`
			`}`