Lucene search
HistorySep 13, 2022 - 10:15 a.m.
CVE-2022-38466
coreshield
gateway
software
vulnerability
file permissions
local attacker
privilege escalation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.
Affected configurations
Node
siemenscoreshield_one-way_gatewayRange<2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | coreshield_one-way_gateway | * | cpe:2.3:a:siemens:coreshield_one-way_gateway:*:*:*:*:*:*:*:* |
Related
cnvd
cnvd
Siemens CoreShield OWG Software Access Control Error Vulnerability
2022-09-14 00:00:00
ics
ics
Siemens Mobility CoreShield OWG Software
2022-09-15 12:00:00
prion
prion
Design/Logic Flaw
2022-09-13 10:15:00
cvelist
cvelist
CVE-2022-38466
2022-09-13 09:40:53
cve
cve
CVE-2022-38466
2022-09-13 10:15:10
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2022-38466