CVE-2022-32512

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07	Vendor Advisory
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:schneider-electric:canbrass:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:06

Type	Values Removed	Values Added
References	~~() https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07 - Vendor Advisory~~	() https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 5.3
Summary		(es) Existe una vulnerabilidad CWE-119: Restricción inadecuada de operaciones dentro de los límites de un búfer de memoria que podría causar la ejecución remota de código cuando se utiliza un comando que explota esta vulnerabilidad. Productos afectados: CanBRASS (Versiones anteriores a V7.5.1)

Information

Published : 2023-01-30 23:15

Updated : 2024-11-21 07:06

NVD link : CVE-2022-32512

Mitre link : CVE-2022-32512

CVE.ORG link : CVE-2022-32512

JSON object : View

Products Affected

schneider-electric

canbrass

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2022-32512", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-01-30T23:15:09.843", "references": [{"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)"}, {"lang": "es", "value": "Existe una vulnerabilidad CWE-119: Restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria que podr\u00eda causar la ejecuci\u00f3n remota de c\u00f3digo cuando se utiliza un comando que explota esta vulnerabilidad. Productos afectados: CanBRASS (Versiones anteriores a V7.5.1)"}], "lastModified": "2024-11-21T07:06:31.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:canbrass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74F02D64-FD1F-4D24-AFA9-F2A71E830457", "versionEndExcluding": "7.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}