cvelist/2022/26xxx/CVE-2022-26419.json

{
    "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2022-03-29T19:11:00.000Z",
        "ID": "CVE-2022-26419",
        "STATE": "PUBLIC",
        "TITLE": "Rockwell Automation Studio 5000 Logix Designer Code Injection"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "CX-Position",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2.5.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Omron"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-121"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",
                "refsource": "CONFIRM",
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"
            },
            {
                "refsource": "MISC",
                "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/",
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/"
            },
            {
                "refsource": "MISC",
                "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/",
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/"
            },
            {
                "refsource": "MISC",
                "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/",
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/"
            },
            {
                "refsource": "MISC",
                "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/",
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."
        }
    ],
    "source": {
        "advisory": "ICSA-22-088-02",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC": "2022-03-29T19:11:00.000Z",`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`"ID": "CVE-2022-26419",`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Rockwell Automation Studio 5000 Logix Designer Code Injection"`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`},`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "CX-Position",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.5.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Omron"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "xina1i, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA."`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`"value": "Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-121"`
			`}`
			`]`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`}`
			`]`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-02"`
"-Synchronized-Data." 2022-04-05 16:01:32 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/",`
			`"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-580/"`
			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/",`
			`"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-579/"`
			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/",`
			`"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-576/"`
			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/",`
			`"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-575/"`
"-Synchronized-Data." 2022-04-01 23:01:39 +00:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Omron has provided Version 2.5.4, which is only available to paying users who use the \u201cAuto Update\u201d function. Please contact Omron technical Support or an Omron representative for specific update information."`
			`}`
			`],`
			`"source": {`
			`"advisory": "ICSA-22-088-02",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2022-03-21 18:01:26 +00:00			`}`
			`}`