ID

VAR-202207-1550


CVE

CVE-2022-2464


TITLE

Path traversal vulnerability in Rockwell Automation ISaGRAF Workbench

Trust: 0.8

sources: JVNDB: JVNDB-2022-015410

DESCRIPTION

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions as the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. The affected system may be put into a denial-of-service (DoS) state.

Trust: 1.8

sources: NVD: CVE-2022-2464 // JVNDB: JVNDB-2022-015410 // VULHUB: VHN-427810 // VULMON: CVE-2022-2464

AFFECTED PRODUCTS

vendor: rockwellautomation // model: isagraf workbench // scope: lte // version: 6.6.9

Trust: 1.0

vendor: rockwellautomation // model: isagraf workbench // scope: gte // version: 6.0

Trust: 1.0

vendor: rockwell automation // model: isagraf workbench // scope: eq // version: -

Trust: 0.8

vendor: rockwell automation // model: isagraf workbench // scope: - // version: -

Trust: 0.8

vendor: rockwell automation // model: isagraf workbench // scope: eq // version: 6.0 to 6.6.9

Trust: 0.8

sources: JVNDB: JVNDB-2022-015410 // NVD: CVE-2022-2464

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-2464
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-2464
value: HIGH

Trust: 1.0

NVD: CVE-2022-2464
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2126
value: HIGH

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-2464
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2022-2464
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-2464
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015410 // CNNVD: CNNVD-202207-2126 // NVD: CVE-2022-2464 // NVD: CVE-2022-2464

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [others]

Trust: 0.8

sources: VULHUB: VHN-427810 // JVNDB: JVNDB-2022-015410 // NVD: CVE-2022-2464

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2126

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202207-2126

PATCH

title: Rockwell Automation ISaGRAF Workbench Repair measures for path traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201002

Trust: 0.6

sources: CNNVD: CNNVD-202207-2126

EXTERNAL IDS

db: NVD // id: CVE-2022-2464

Trust: 3.4

db: ICS CERT // id: ICSA-22-202-03

Trust: 2.6

db: JVN // id: JVNVU95712880

Trust: 0.8

db: JVNDB // id: JVNDB-2022-015410

Trust: 0.8

db: AUSCERT // id: ESB-2022.3567

Trust: 0.6

db: CS-HELP // id: SB2022072218

Trust: 0.6

db: CNNVD // id: CNNVD-202207-2126

Trust: 0.6

db: VULHUB // id: VHN-427810

Trust: 0.1

db: VULMON // id: CVE-2022-2464

Trust: 0.1

sources: VULHUB: VHN-427810 // VULMON: CVE-2022-2464 // JVNDB: JVNDB-2022-015410 // CNNVD: CNNVD-202207-2126 // NVD: CVE-2022-2464

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03

Trust: 2.6

url:https://jvn.jp/vu/jvnvu95712880/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-2464

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-2464/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-202-03

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3567

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072218

Trust: 0.6

sources: VULHUB: VHN-427810 // VULMON: CVE-2022-2464 // JVNDB: JVNDB-2022-015410 // CNNVD: CNNVD-202207-2126 // NVD: CVE-2022-2464

CREDITS

Mashav Sapir of Claroty Research reported these vulnerabilities to Rockwell Automation and CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202207-2126

SOURCES

db: VULHUB // id: VHN-427810
db: VULMON // id: CVE-2022-2464
db: JVNDB // id: JVNDB-2022-015410
db: CNNVD // id: CNNVD-202207-2126
db: NVD // id: CVE-2022-2464

LAST UPDATE DATE

2024-08-14T13:53:10.531000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-427810 // date: 2022-08-27T00:00:00
db: JVNDB // id: JVNDB-2022-015410 // date: 2023-09-26T08:28:00
db: CNNVD // id: CNNVD-202207-2126 // date: 2022-08-29T00:00:00
db: NVD // id: CVE-2022-2464 // date: 2022-08-27T03:29:27.817

SOURCES RELEASE DATE

db: VULHUB // id: VHN-427810 // date: 2022-08-25T00:00:00
db: JVNDB // id: JVNDB-2022-015410 // date: 2023-09-26T00:00:00
db: CNNVD // id: CNNVD-202207-2126 // date: 2022-07-21T00:00:00
db: NVD // id: CVE-2022-2464 // date: 2022-08-25T18:15:10.143