CVE-2022-2642

EPSS 0.07%
Published 02.12.2022 20:15:13
Last modified 21.11.2024 07:01:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hornerautomation ≫ Rcc972 Firmware Version15.40

Hornerautomation ≫ Rcc972 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1108 Excessive Reliance on Global Variables

The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02

Patch

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-2642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2642

EUVD