CVE-2022-30065

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugs.busybox.net/show_bug.cgi?id=14781 Exploit Issue Tracking Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*
History

11 Feb 2023, 17:44

Type Values Removed Values Added
First Time Siemens scalance Sc622-2c
Siemens scalance Sc636-2c Firmware
Siemens scalance Sc632-2c
Siemens scalance Sc626-2c Firmware
Siemens scalance Sc632-2c Firmware
Siemens scalance Sc626-2c
Siemens scalance Sc642-2c
Siemens scalance Sc646-2c
Siemens scalance Sc622-2c Firmware
Siemens scalance Sc642-2c Firmware
Siemens
Siemens scalance Sc646-2c Firmware
Siemens scalance Sc636-2c
CPE cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf - Third Party Advisory

13 Dec 2022, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf -

01 Jun 2022, 14:20

Type Values Removed Values Added
CWE CWE-416
CVSS v2 : unknown
v3 : unknown 		v2 : 6.8
v3 : 7.8
CPE cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*
First Time Busybox busybox
Busybox
References (MISC) https://bugs.busybox.net/show_bug.cgi?id=14781 - (MISC) https://bugs.busybox.net/show_bug.cgi?id=14781 - Exploit, Issue Tracking, Third Party Advisory

18 May 2022, 15:19

Type Values Removed Values Added
New CVE
Information

Published : 2022-05-18 15:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-30065

Mitre link : CVE-2022-30065

CVE.ORG link : CVE-2022-30065

JSON object : View

Products Affected

siemens

  • scalance_sc626-2c_firmware
  • scalance_sc632-2c
  • scalance_sc642-2c
  • scalance_sc622-2c
  • scalance_sc636-2c
  • scalance_sc626-2c
  • scalance_sc646-2c_firmware
  • scalance_sc646-2c
  • scalance_sc636-2c_firmware
  • scalance_sc642-2c_firmware
  • scalance_sc622-2c_firmware
  • scalance_sc632-2c_firmware

busybox

  • busybox
CWE
CWE-416

Use After Free