CVE-2022-2332 HIGH

Published: 2022-09-16 | Last Modified: 2024-11-21 | Status: Modified

Description

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.

Additional Descriptions (1)

Un atacante local no privilegiado puede escalar a privilegios de administrador en Honeywell SoftMaster versión 4.51, debido a una asignación no segura de permisos

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-732
[email protected]	Primary	en CWE-732

Affected Products

Vendor	Product	Version	Update	Type
honeywell	softmaster	4.51	<built-in method update of dict object at 0x7c3bf3e4e440>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:honeywell:softmaster:4.51:::::::*`

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02
Source: [email protected]

Third Party Advisory US Government Resource
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf
Source: [email protected]

Not Applicable
https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable