cvelist/2022/2xxx/CVE-2022-2088.json

{
    "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2022-2088",
        "STATE": "PUBLIC",
        "TITLE": "Elcomplus SmartICS Access Control"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "SmartICS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v2.3.4.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Elcomplus"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Michael Heinzl reported these vulnerabilities to CISA."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-284: Improper Access Control"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05",
                "refsource": "CONFIRM",
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Elcomplus has released Version 2.4 to address these vulnerabilities and recommends users update to the newest version. Users can obtain the new version on request on the official SmartICS website https://smartics.io/"
        }
    ],
    "source": {
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2022-06-15 15:01:55 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2022-06-27 17:00:54 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
"-Synchronized-Data." 2022-06-15 15:01:55 +00:00			`"ID": "CVE-2022-2088",`
"-Synchronized-Data." 2022-06-27 17:00:54 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Elcomplus SmartICS Access Control"`
"-Synchronized-Data." 2022-06-15 15:01:55 +00:00			`},`
"-Synchronized-Data." 2022-06-27 17:00:54 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "SmartICS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "v2.3.4.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Elcomplus"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Michael Heinzl reported these vulnerabilities to CISA."`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-06-15 15:01:55 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-06-27 17:00:54 +00:00			`"value": "An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.8,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "HIGH",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-284: Improper Access Control"`
			`}`
			`]`
"-Synchronized-Data." 2022-06-15 15:01:55 +00:00			`}`
			`]`
"-Synchronized-Data." 2022-06-27 17:00:54 +00:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Elcomplus has released Version 2.4 to address these vulnerabilities and recommends users update to the newest version. Users can obtain the new version on request on the official SmartICS website https://smartics.io/"`
			`}`
			`],`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2022-06-15 15:01:55 +00:00			`}`
			`}`