CVE-2022-2895

{"id": "CVE-2022-2895", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-08-31T21:15:08.410", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-06", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file."}, {"lang": "es", "value": "Measuresoft ScadaPro Server (Todas las versiones) usa controles ActiveX no mantenidos. Estos controles pueden permitir dos instancias de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria mientras es procesado un archivo de proyecto espec\u00edfico"}], "lastModified": "2022-09-02T22:36:10.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:measuresoft:scadapro_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C1131E-C11C-4262-B4DF-E7486538EF7A"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}