From 64dabaad07b2fac854767ad80e27b880936edf4b Mon Sep 17 00:00:00 2001 From: Girish Kolla Date: Fri, 4 Nov 2022 18:35:28 +0530 Subject: [PATCH] Update to CVE-2022-41670 --- 2022/41xxx/CVE-2022-41670.json | 91 +++++++++++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 6 deletions(-) diff --git a/2022/41xxx/CVE-2022-41670.json b/2022/41xxx/CVE-2022-41670.json index 73f8e4b9288..a62a0ace9d1 100644 --- a/2022/41xxx/CVE-2022-41670.json +++ b/2022/41xxx/CVE-2022-41670.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cybersecurity@se.com", "ID": "CVE-2022-41670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EcoStruxure Operator Terminal Expert", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V3.3", + "version_value": "Hotfix 1" + } + ] + } + }, + { + "product_name": "Pro-face BLUE", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "V3.3", + "version_value": "Hotfix 1" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file