ID

VAR-202204-0229


CVE

CVE-2022-26516


TITLE

Insufficient validation of data authenticity vulnerability in Red Lion Controls, Inc. DA50N firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-008675

DESCRIPTION

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment. Red Lion Controls, Inc. DA50N firmware contains insufficient validation of data authenticity. Information may be obtained or tampered with, and service operation may be interrupted (DoS). A data forgery vulnerability exists in the Red Lion DA50N. No detailed vulnerability details are currently provided.

Trust: 2.25

sources: NVD: CVE-2022-26516 // JVNDB: JVNDB-2022-008675 // CNVD: CNVD-2022-65328 // VULMON: CVE-2022-26516

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-65328

AFFECTED PRODUCTS

vendor: redlion, model: da50n, scope: eq, version: -

Trust: 1.0

vendor: red lion controls, model: da50n, scope: eq, version: -

Trust: 0.8

vendor: red lion controls, model: da50n, scope: eq, version: da50n firmware

Trust: 0.8

vendor: red lion controls, model: da50n, scope: -, version: -

Trust: 0.8

vendor: red, model: lion da50n, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-65328 // JVNDB: JVNDB-2022-008675 // NVD: CVE-2022-26516

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26516
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-26516
value: HIGH

Trust: 1.0

NVD: CVE-2022-26516
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-65328
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-3431
value: HIGH

Trust: 0.6

VULMON: CVE-2022-26516
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-26516
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-65328
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-26516
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-26516
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.7
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-26516
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-65328 // VULMON: CVE-2022-26516 // JVNDB: JVNDB-2022-008675 // CNNVD: CNNVD-202204-3431 // NVD: CVE-2022-26516 // NVD: CVE-2022-26516

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.0

problemtype:Inadequate verification of data reliability (CWE-345) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008675 // NVD: CVE-2022-26516

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3431

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202204-3431

EXTERNAL IDS

db: NVD, id: CVE-2022-26516

Trust: 3.9

db: ICS CERT, id: ICSA-22-104-03

Trust: 3.1

db: JVN, id: JVNVU92503855

Trust: 0.8

db: JVNDB, id: JVNDB-2022-008675

Trust: 0.8

db: CNVD, id: CNVD-2022-65328

Trust: 0.6

db: AUSCERT, id: ESB-2022.1716

Trust: 0.6

db: CS-HELP, id: SB2022041904

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3431

Trust: 0.6

db: VULMON, id: CVE-2022-26516

Trust: 0.1

sources: CNVD: CNVD-2022-65328 // VULMON: CVE-2022-26516 // JVNDB: JVNDB-2022-008675 // CNNVD: CNNVD-202204-3431 // NVD: CVE-2022-26516

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-03

Trust: 2.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03

Trust: 1.2

url:https://jvn.jp/vu/jvnvu92503855/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-26516

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022041904

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1716

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-26516/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/345.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-65328 // VULMON: CVE-2022-26516 // JVNDB: JVNDB-2022-008675 // CNNVD: CNNVD-202204-3431 // NVD: CVE-2022-26516

CREDITS

Ron Brash of aDolus Technology Inc. reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202204-3431

SOURCES

db: CNVD, id: CNVD-2022-65328
db: VULMON, id: CVE-2022-26516
db: JVNDB, id: JVNDB-2022-008675
db: CNNVD, id: CNNVD-202204-3431
db: NVD, id: CVE-2022-26516

LAST UPDATE DATE

2024-11-23T22:29:02.041000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-65328, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2022-26516, date: 2022-04-29T00:00:00
db: JVNDB, id: JVNDB-2022-008675, date: 2023-07-28T08:05:00
db: CNNVD, id: CNNVD-202204-3431, date: 2022-05-05T00:00:00
db: NVD, id: CVE-2022-26516, date: 2024-11-21T06:54:05.930

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-65328, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2022-26516, date: 2022-04-20T00:00:00
db: JVNDB, id: JVNDB-2022-008675, date: 2023-07-28T00:00:00
db: CNNVD, id: CNNVD-202204-3431, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2022-26516, date: 2022-04-20T16:15:08.547