VAR-202211-1446
Vulnerability from variot - Updated: 2023-12-18 11:55GE CIMPICITY versions 2022 and prior is
vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE). Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. An attacker could exploit the vulnerability to potentially affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1446",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "2022 and earlier"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity hmi/scada software",
"scope": "lte",
"trust": 0.6,
"vendor": "ge",
"version": "\u003c=2022"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2948"
}
]
},
"cve": "CVE-2022-2948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-85525",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2948",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2948",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2948",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-85525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3422",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE). Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. An attacker could exploit the vulnerability to potentially affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2948",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 2.5
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU95378145",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-85525",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2948",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"id": "VAR-202211-1446",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
}
],
"trust": 1.1769231
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
}
]
},
"last_update_date": "2023-12-18T11:55:56.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/364096"
},
{
"title": "GE CIMPLICITY HMI/SCADA Software Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216960"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95378145/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2948"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2948/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"date": "2023-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"date": "2022-12-07T23:15:09.930000",
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"date": "2023-11-17T08:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"date": "2023-11-07T03:47:07.493000",
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0CIMPLICITY\u00a0 Heap-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…