Sign-up

ID

VAR-202206-1431


CVE

CVE-2022-2002


TITLE

AutomationDirect DirectLOGIC Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202206-1733

DESCRIPTION

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. AutomationDirect DirectLOGIC with Ethernet

Trust: 0.99

sources: NVD: CVE-2022-2002 // VULMON: CVE-2022-2002

AFFECTED PRODUCTS

vendor:gemodel:cimplicityscope:lteversion:2022

Trust: 1.0

sources: NVD: CVE-2022-2002

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-2002
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202206-1733
value: HIGH

Trust: 0.6

NVD: CVE-2022-2002
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202206-1733 // NVD: CVE-2022-2002

PROBLEMTYPE DATA

problemtype:CWE-822

Trust: 1.0

sources: NVD: CVE-2022-2002

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-1733

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1733

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-2002

PATCH
title:AutomationDirect DirectLOGIC Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216691
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202206-1733

EXTERNAL IDS
db:NVDid:CVE-2022-2002
Trust: 1.7
db:ICS CERTid:ICSA-22-326-04
Trust: 1.6
db:AUSCERTid:ESB-2022.6117
Trust: 0.6
db:AUSCERTid:ESB-2022.2993
Trust: 0.6
db:CNNVDid:CNNVD-202206-1733
Trust: 0.6
db:ICS CERTid:ICSA-22-167-03
Trust: 0.1
db:VULMONid:CVE-2022-2002
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-2002 // 
            
            
            
            CNNVD: CNNVD-202206-1733 // 
            
            
            
            NVD: CVE-2022-2002

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04
Trust: 1.6
url:https://cxsecurity.com/cveshow/cve-2022-2002/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2022-2002
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.2993
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.6117
Trust: 0.6
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-2002 // 
            
            
            
            CNNVD: CNNVD-202206-1733 // 
            
            
            
            NVD: CVE-2022-2002

SOURCES
db:VULMONid:CVE-2022-2002
db:CNNVDid:CNNVD-202206-1733
db:NVDid:CVE-2022-2002

LAST UPDATE DATE
2022-12-13T00:38:58.542000+00:00

SOURCES UPDATE DATE
db:CNNVDid:CNNVD-202206-1733date:2022-12-12T00:00:00
db:NVDid:CVE-2022-2002date:2022-12-09T20:52:00

SOURCES RELEASE DATE
db:CNNVDid:CNNVD-202206-1733date:2022-06-17T00:00:00
db:NVDid:CVE-2022-2002date:2022-12-07T23:15:00