CVE-2022-2102

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware::::::::
	cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware::::::::
	cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware::::::::

cpe:2.3:h:secheron:sepcos_control_and_protection_relay:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-24 15:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-2102

Mitre link : CVE-2022-2102

CVE.ORG link : CVE-2022-2102

JSON object : View

Products Affected

secheron

sepcos_control_and_protection_relay
sepcos_control_and_protection_relay_firmware

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-841

Improper Enforcement of Behavioral Workflow

{"id": "CVE-2022-2102", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 3.9}]}, "published": "2022-06-24T15:15:10.450", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-841"}]}], "descriptions": [{"lang": "en", "value": "Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed."}, {"lang": "es", "value": "Los controles que limitan las subidas a determinadas extensiones de archivos pueden ser omitidos. Esto podr\u00eda permitir a un atacante interceptar la respuesta inicial de la p\u00e1gina de subida de archivos y modificar el c\u00f3digo asociado. Este c\u00f3digo modificado puede ser reenviado y usado por un script cargado m\u00e1s adelante en la secuencia, permitiendo la carga arbitraria de archivos en una ubicaci\u00f3n donde pueden ejecutarse scripts PHP"}], "lastModified": "2022-07-06T12:46:45.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D957E1A9-E7FC-47AA-9AF3-9BAEC4566543", "versionEndExcluding": "1.23.21", "versionStartIncluding": "1.23.0"}, {"criteria": "cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "358E9B5A-E507-4B36-8193-B53017588312", "versionEndExcluding": "1.24.8", "versionStartIncluding": "1.24.0"}, {"criteria": "cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5495904A-D4A0-4FB4-9DCC-B146EB6C9374", "versionEndExcluding": "1.25.3", "versionStartIncluding": "1.25.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:secheron:sepcos_control_and_protection_relay:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6354633F-ABAA-4263-B497-276B25052B3E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}