Sign-up

ID

VAR-202211-1448


CVE

CVE-2022-3084


TITLE

GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-3427

DESCRIPTION

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. GE CIMPLICITY

Trust: 0.99

sources: NVD: CVE-2022-3084 // VULMON: CVE-2022-3084

AFFECTED PRODUCTS

vendor:gemodel:cimplicityscope:lteversion:2022

Trust: 1.0

sources: NVD: CVE-2022-3084

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-3084
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-3427
value: HIGH

Trust: 0.6

NVD: CVE-2022-3084
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202211-3427 // NVD: CVE-2022-3084

PROBLEMTYPE DATA

problemtype:CWE-824

Trust: 1.0

sources: NVD: CVE-2022-3084

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-3427

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202211-3427

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-3084

PATCH
title:GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216961
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202211-3427

EXTERNAL IDS
db:ICS CERTid:ICSA-22-326-04
Trust: 1.7
db:NVDid:CVE-2022-3084
Trust: 1.7
db:AUSCERTid:ESB-2022.6117
Trust: 0.6
db:CNNVDid:CNNVD-202211-3427
Trust: 0.6
db:VULMONid:CVE-2022-3084
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-3084 // 
            
            
            
            CNNVD: CNNVD-202211-3427 // 
            
            
            
            NVD: CVE-2022-3084

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2022-3084/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.6117
Trust: 0.6
sources:
            
            
            VULMON: CVE-2022-3084 // 
            
            
            
            CNNVD: CNNVD-202211-3427 // 
            
            
            
            NVD: CVE-2022-3084

SOURCES
db:VULMONid:CVE-2022-3084
db:CNNVDid:CNNVD-202211-3427
db:NVDid:CVE-2022-3084

LAST UPDATE DATE
2022-12-13T00:38:58.578000+00:00

SOURCES UPDATE DATE
db:CNNVDid:CNNVD-202211-3427date:2022-12-12T00:00:00
db:NVDid:CVE-2022-3084date:2022-12-09T20:52:00

SOURCES RELEASE DATE
db:CNNVDid:CNNVD-202211-3427date:2022-11-23T00:00:00
db:NVDid:CVE-2022-3084date:2022-12-08T00:15:00