9.8

CVE-2022-46732

CVE-2022-46732

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GeProficy Historian Version >= 7.0 < 2023
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.525
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01
Vendor Advisory
Permissions Required
https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01
Third Party Advisory
US Government Resource