cvelist | Icscert | CVELIST:CVE-2022-2892
History: Aug 31, 2022 - 8:54 p.m.

CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write

2022-08-31 20:54:54
CWE-787
icscert
www.cve.org
measuresoft
scadapro server
out-of-bounds write
activex control
vulnerability

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 33.2%

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.

CNA Affected

[
  {
    "product": "ScadaPro Server",
    "vendor": "Measuresoft",
    "versions": [
      {
        "lessThan": "6.8.0.1",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]
