Lucene search

NCSC.chCVE-2022-4779

HistoryDec 29, 2022 - 12:15 a.m.

CVE-2022-4779

2022-12-2900:15:09

CWE-22

NCSC.ch

web.nvd.nist.gov

cve-2022-4779

streamx

authentication bypass

logic bug

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme.
StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Affected configurations

Nvd

Node

elvexysstreamxRange6.02.01–6.04.34

VendorProductVersionCPE
elvexysstreamx*cpe:2.3:a:elvexys:streamx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elvexys	streamx	*	cpe:2.3:a:elvexys:streamx::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "StreamX",
    "vendor": "elvexys",
    "versions": [
      {
        "lessThanOrEqual": "6.04.34",
        "status": "affected",
        "version": "6.02.01",
        "versionType": "patch"
      }
    ]
  }
]

References

elvexys.com/products/xpg-gateway-rtu-protocol-converter/streamx-release-notes/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

Related for CVE-2022-4779