CVE-2022-2642

EPSS 0.07%
Veröffentlicht 02.12.2022 20:15:13
Zuletzt bearbeitet 21.11.2024 07:01:25
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hornerautomation ≫ Rcc972 Firmware Version15.40

Hornerautomation ≫ Rcc972 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ics-cert@hq.dhs.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1108 Excessive Reliance on Global Variables

The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02

Patch

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-2642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2642

EUVD