Lucene search

IcscertCVELIST:CVE-2022-1402

HistoryApr 29, 2022 - 4:10 p.m.

CVE-2022-1402 Delta Electronics ASDA-Soft Out-of-bounds Read

2022-04-2916:10:21

CWE-125

icscert

www.cve.org

delta electronics

asda-soft

version 5.4.1.0

out-of-bounds read

input sanitization

project file

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

29.0%

JSON

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.

CNA Affected

[
  {
    "product": "ASDA-Soft",
    "vendor": "Delta Electronics",
    "versions": [
      {
        "lessThanOrEqual": "5.4.1.0",
        "status": "affected",
        "version": "All versions",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-111-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

29.0%

JSON

Related for CVELIST:CVE-2022-1402