Details of VAR-202209-0006

ID

VAR-202209-0006

CVE

CVE-2022-3027

TITLE

contechealth of cms8000 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-016651

DESCRIPTION

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information. contechealth of cms8000 There are unspecified vulnerabilities in the firmware.Information may be tampered with. Contec Health CMS8000

Trust: 1.71

sources: NVD: CVE-2022-3027 // JVNDB: JVNDB-2022-016651 // VULMON: CVE-2022-3027

IOT TAXONOMY

category:

['network device']

sub_category:

access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	contechealth	model:	cms8000	scope:	eq	version:	-	Trust: 1.8
vendor:	contechealth	model:	cms8000	scope:	-	version:	-	Trust: 0.8
vendor:	contechealth	model:	cms8000	scope:	eq	version:	cms8000 firmware	Trust: 0.8

sources: JVNDB: JVNDB-2022-016651 // NVD: CVE-2022-3027

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-3027
value:	MEDIUM
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2022-3027
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-3027
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-067
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-3027
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2022-3027
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-3027
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016651 // CNNVD: CNNVD-202209-067 // NVD: CVE-2022-3027 // NVD: CVE-2022-3027

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-016651 // NVD: CVE-2022-3027

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-067

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202209-067

EXTERNAL IDS

db:	NVD	id:	CVE-2022-3027	Trust: 3.4
db:	ICS CERT	id:	ICSMA-22-244-01	Trust: 2.5
db:	JVN	id:	JVNVU98006941	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-016651	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.4332	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-067	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2022-3027	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-3027 // JVNDB: JVNDB-2022-016651 // CNNVD: CNNVD-202209-067 // NVD: CVE-2022-3027

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu98006941/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3027	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsma-22-244-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4332	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-3027/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-3027 // JVNDB: JVNDB-2022-016651 // CNNVD: CNNVD-202209-067 // NVD: CVE-2022-3027

CREDITS

Level Nine reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202209-067

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2022-3027
db:	JVNDB	id:	JVNDB-2022-016651
db:	CNNVD	id:	CNNVD-202209-067
db:	NVD	id:	CVE-2022-3027

LAST UPDATE DATE

2025-01-30T20:14:53.564000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-016651	date:	2023-10-05T08:34:00
db:	CNNVD	id:	CNNVD-202209-067	date:	2022-09-15T00:00:00
db:	NVD	id:	CVE-2022-3027	date:	2022-09-14T22:42:43.970

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-016651	date:	2023-10-05T00:00:00
db:	CNNVD	id:	CNNVD-202209-067	date:	2022-09-01T00:00:00
db:	NVD	id:	CVE-2022-3027	date:	2022-09-13T15:15:09.257