{ "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-02-01T23:08:00.000Z", "ID": "CVE-2022-0365", "STATE": "PUBLIC", "TITLE": "Ricon Mobile, Inc." }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Industrial Cellular Router", "version": { "version_data": [ { "version_affected": "=", "version_name": "S9922XL", "version_value": "16.10.3" }, { "version_affected": "=", "version_name": "S9922L", "version_value": "16.10.3" } ] } } ] }, "vendor_name": "Ricon" } ] } }, "credit": [ { "lang": "eng", "value": "Gjoko Krstic of Zero Science Lab reported this vulnerability to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-032-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-032-01" } ] }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "eng", "value": "Ricon Mobile has not responded to requests to work with CISA to mitigate this vulnerability. Users of the affected products are invited to contact Ricon Mobile customer support for additional information.\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\nMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.\nLocate control system networks and remote devices behind firewalls and isolate them from the business network.\nWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices." } ] }