CVE-2022-47188 (GCVE-0-2022-47188)
Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:52
VLAI?
Title
Improper Input Validation in Generex CS141
Summary
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:52:40.522271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:52:45.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47188",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:52:45.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.06\", \"matchCriteriaId\": \"45AC1134-C83A-435F-AFCB-32CC1E691C9E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.\"}]",
"id": "CVE-2022-47188",
"lastModified": "2024-11-21T07:31:40.420",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-03-31T22:15:07.227",
"references": "[{\"url\": \"https://www.generex.de/support/changelogs/cs141/2-12\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/page:2\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/2-12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/page:2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-47188\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2023-03-31T22:15:07.227\",\"lastModified\":\"2024-11-21T07:31:40.420\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.06\",\"matchCriteriaId\":\"45AC1134-C83A-435F-AFCB-32CC1E691C9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B\"}]}]}],\"references\":[{\"url\":\"https://www.generex.de/support/changelogs/cs141/2-12\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.generex.de/support/changelogs/cs141/page:2\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.generex.de/support/changelogs/cs141/2-12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.generex.de/support/changelogs/cs141/page:2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/page:2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/2-12\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:47:29.466Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-47188\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-12T14:52:40.522271Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T14:52:37.714Z\"}}], \"cna\": {\"title\": \"Improper Input Validation in Generex CS141\", \"source\": {\"defect\": [\"INC-2021-0055\"], \"advisory\": \"INCIBE-2023-0071\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Joel G\\u00e1mez Molina (@JoelGMSec)\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Generex\", \"product\": \"UPS CS141\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.06\", \"lessThan\": \"2.06\", \"versionType\": \"custom\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\"}], \"datePublic\": \"2023-03-03T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141\"}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/page:2\"}, {\"url\": \"https://www.generex.de/support/changelogs/cs141/2-12\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2023-03-31T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-47188\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T14:52:45.725Z\", \"dateReserved\": \"2022-12-12T00:00:00.000Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2023-03-31T00:00:00.000Z\", \"assignerShortName\": \"INCIBE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…