CVE-2022-2333 HIGH

Published: 2022-09-16 | Last Modified: 2024-11-21 | Status: Modified

Description

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.

Additional Descriptions (1)

Si un atacante logra engañar a un usuario válido para que cargue una DLL maliciosa, el atacante puede lograr la ejecución de código en el contexto y los permisos de la aplicación Honeywell SoftMaster versión 4.51

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-427
[email protected]	Primary	en CWE-427

Affected Products

Vendor	Product	Version	Update	Type
honeywell	softmaster	4.51	<built-in method update of dict object at 0x7c3c40dd5900>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:honeywell:softmaster:4.51:::::::*`

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02
Source: [email protected]

Third Party Advisory US Government Resource
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf
Source: [email protected]

Not Applicable
https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable