Lucene search

IcscertCVELIST:CVE-2022-1738

HistoryOct 19, 2022 - 5:24 p.m.

CVE-2022-1738 Fuji Electric D300win Out-of-bounds Read

2022-10-1917:24:32

CWE-125

icscert

www.cve.org

cve-2022-1738

fuji electric

d300win

out-of-bounds read

vulnerability

sensitive data

process memory

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory.

CNA Affected

[
  {
    "vendor": "Fuji Electric",
    "product": "D300win",
    "versions": [
      {
        "version": "3.7.1.16",
        "status": "affected",
        "lessThan": "3.7.1.17",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-242-05

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

Related for CVELIST:CVE-2022-1738