Lucene search

IcscertCVE-2022-38453

HistorySep 13, 2022 - 3:15 p.m.

CVE-2022-38453

2022-09-1315:15:08

CWE-489

icscert

web.nvd.nist.gov

cve-2022-38453

cms8000

binary files

compilation settings

vulnerability

reverse engineering

nvd

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

10.4%

JSON

Multiple binary application files on the CMS8000 device are compiled with ‘not stripped’ and ‘debug_info’ compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.

Affected configurations

Nvd

Node

contechealthcms8000_firmwareMatch-

AND

contechealthcms8000Match-

VendorProductVersionCPE
contechealthcms8000_firmware-cpe:2.3:o:contechealth:cms8000_firmware:-:*:*:*:*:*:*:*
contechealthcms8000-cpe:2.3:h:contechealth:cms8000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contechealth	cms8000_firmware	-	cpe:2.3:o:contechealth:cms8000_firmware:-:::::::*
contechealth	cms8000	-	cpe:2.3:h:contechealth:cms8000:-:::::::*

CNA Affected

[
  {
    "product": "CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor",
    "vendor": "Contec Health",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Social References

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

10.4%

JSON

Related for CVE-2022-38453