Sign-up

ID

VAR-202301-1301


CVE

CVE-2022-46331


TITLE

Proficy Historian  access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002238

DESCRIPTION

An unauthorized user could possibly delete any file on the system. Proficy Historian contains an access control vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-46331 // JVNDB: JVNDB-2023-002238 // VULMON: CVE-2022-46331

AFFECTED PRODUCTS

vendor:gemodel:proficy historianscope:ltversion:2023

Trust: 1.0

vendor:gemodel:proficy historianscope:gteversion:7.0

Trust: 1.0

vendor:general electricmodel:proficy historianscope: - version: -

Trust: 0.8

vendor:general electricmodel:proficy historianscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002238 // NVD: CVE-2022-46331

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-46331
value: HIGH

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2022-46331
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202301-1348
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-46331
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002238 // NVD: CVE-2022-46331 // NVD: CVE-2022-46331 // CNNVD: CNNVD-202301-1348

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002238 // NVD: CVE-2022-46331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1348

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1348

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-46331

PATCH
title:GE Digitalurl:https://www.ge.com/digital/
Trust: 0.8
title:GE Digital Proficy Historian Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244883
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2023-002238 // 
            
            
            
            CNNVD: CNNVD-202301-1348

EXTERNAL IDS
db:NVDid:CVE-2022-46331
Trust: 3.3
db:ICS CERTid:ICSA-23-017-01
Trust: 2.5
db:JVNid:JVNVU92701384
Trust: 0.8
db:JVNDBid:JVNDB-2023-002238
Trust: 0.8
db:CNNVDid:CNNVD-202301-1348
Trust: 0.6
db:VULMONid:CVE-2022-46331
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-46331 // 
            
            
            
            JVNDB: JVNDB-2023-002238 // 
            
            
            
            NVD: CVE-2022-46331 // 
            
            
            
            CNNVD: CNNVD-202301-1348

REFERENCES
url:https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01
Trust: 1.8
url:https://digitalsupport.ge.com/s/article/ge-digital-product-security-advisory-ged-23-01
Trust: 1.7
url:https://jvn.jp/vu/jvnvu92701384/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-46331
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-01
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-46331/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/284.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-46331 // 
            
            
            
            JVNDB: JVNDB-2023-002238 // 
            
            
            
            NVD: CVE-2022-46331 // 
            
            
            
            CNNVD: CNNVD-202301-1348

SOURCES
db:VULMONid:CVE-2022-46331
db:JVNDBid:JVNDB-2023-002238
db:NVDid:CVE-2022-46331
db:CNNVDid:CNNVD-202301-1348

LAST UPDATE DATE
2023-12-18T11:55:09.375000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2022-46331date:2023-01-18T00:00:00
db:JVNDBid:JVNDB-2023-002238date:2023-06-29T01:20:00
db:NVDid:CVE-2022-46331date:2023-11-07T03:55:34.133
db:CNNVDid:CNNVD-202301-1348date:2023-07-10T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2022-46331date:2023-01-18T00:00:00
db:JVNDBid:JVNDB-2023-002238date:2023-06-29T00:00:00
db:NVDid:CVE-2022-46331date:2023-01-18T00:15:12.183
db:CNNVDid:CNNVD-202301-1348date:2023-01-18T00:00:00