CVE-2022-34290

{"id": "CVE-2022-34290", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-07-12T10:15:11.880", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en PADS Standard/Plus Viewer (Todas las versiones). La aplicaci\u00f3n afectada contiene una vulnerabilidad de corrupci\u00f3n de pila al analizar los archivos PCB. Un atacante podr\u00eda aprovechar esta vulnerabilidad para filtrar informaci\u00f3n en el contexto del proceso actual. (FG-VD-22-055)"}], "lastModified": "2023-06-29T15:33:27.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:pads_viewer:*:*:*:*:plus:*:*:*", "vulnerable": true, "matchCriteriaId": "38C50BD1-5469-4F73-A46F-B5B36155EB83"}, {"criteria": "cpe:2.3:a:siemens:pads_viewer:*:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "D347533A-CA57-42AE-B28D-E5CBCD5BB05E"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}