CVE-2022-3156

EPSS 0.1%
Veröffentlicht 27.12.2022 19:15:10
Zuletzt bearbeitet 21.11.2024 07:18:56
Quelle PSIRT@rockwellautomation.com
CVE-Watchlists
Login
Unerledigt
Login

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.  Users are granted elevated permissions on certain product services when the software is installed. Due to 
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Studio 5000 Logix Emulate Version >= 20.011 < 34.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
PSIRT@rockwellautomation.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3156

EUVD