admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-416xx/CVE-2022-41668.json

128 lines
4.4 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2022-41668",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2022-11-04T12:15:20.540",
"lastModified": "2022-11-05T02:02:55.973",
"vulnStatus": "Analyzed",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00
},
{
"lang": "es",
"value": "Existe una vulnerabilidad CWE-704: Conversi\u00f3n de Proyecto Incorrecta que permite a adversarios con privilegios de usuario local cargar un archivo de proyecto desde un recurso compartido de red controlado por el adversario, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo malicioso. Productos afectados: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 o anterior), Pro-face BLUE (V3.3 Hotfix 1 o anterior)."
bootstrap
2023-04-24 12:24:31 +02:00
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-704"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3",
"matchCriteriaId": "5705916B-E189-4314-AD32-C8D42991DFA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5585436E-9363-4730-9AF5-CE705093E664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_operator_terminal_expert:3.3:hf1:*:*:*:*:*:*",
"matchCriteriaId": "1495D2CA-263C-4B9F-9C4F-A1DCA574743E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:pro-face_blue:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.3",
"matchCriteriaId": "297C4149-AA1F-4033-BD74-0FB908783399"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:pro-face_blue:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B593005-BB3F-439A-AF38-F31AFEF6FCB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:pro-face_blue:3.3:hf1:*:*:*:*:*:*",
"matchCriteriaId": "D3D36B2C-AA16-4E42-90AF-DE40D6527D23"
}
]
}
]
}
],
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/",
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue Copy Permalink