VAR-202202-0242
Vulnerability from variot - Updated: 2023-12-18 11:56A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior). (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the IGSSDataServer process, which listens on TCP port 12401 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interactive graphical scada system data server",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "15.0.0.22020"
},
{
"model": "igss data server",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "igss data server",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "15.0.0.22020 and earlier"
},
{
"model": "igss",
"scope": null,
"trust": 0.7,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "NVD",
"id": "CVE-2022-24311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system_data_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.0.0.22020",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24311"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vyacheslav Moskvin",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
],
"trust": 1.3
},
"cve": "CVE-2022-24311",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-24311",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24311",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24311",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24311",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2022-24311",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-908",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior). (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the IGSSDataServer process, which listens on TCP port 12401 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "ZDI",
"id": "ZDI-22-320"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24311",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-22-320",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2022-039-01",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-046-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU96061299",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-14942",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0676",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"id": "VAR-202202-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.59090906
},
"last_update_date": "2023-12-18T11:56:35.499000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2022-039-01",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-01"
},
{
"title": "",
"trust": 0.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-01https://www.cisa.gov/uscert/ics/advisories/icsa-22-046-01"
},
{
"title": "Schneider Electric Interactive Graphical SCADA System Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181832"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "NVD",
"id": "CVE-2022-24311"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-320/"
},
{
"trust": 1.6,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24311"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96061299/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-046-01"
},
{
"trust": 0.7,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-039-01https://www.cisa.gov/uscert/ics/advisories/icsa-22-046-01"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021405"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-046-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0676"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-11T00:00:00",
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"date": "2023-05-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"date": "2022-02-09T23:15:19.697000",
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-20T00:00:00",
"db": "ZDI",
"id": "ZDI-22-320"
},
{
"date": "2023-05-30T01:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-005365"
},
{
"date": "2022-02-17T02:42:48.017000",
"db": "NVD",
"id": "CVE-2022-24311"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Interactive\u00a0Graphical\u00a0SCADA\u00a0System\u00a0Data\u00a0Server\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005365"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-908"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…