CVE-2022-33316

Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU96480474/index.html	Third Party Advisory
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iconics:genesis64:10.97:::::::*
	cpe:2.3:a:iconics:genesis64:10.97.1:::::::*

Configuration 2 (hide)

cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*

History

27 Jul 2022, 19:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://jvn.jp/vu/JVNVU96480474/index.html -~~	(MISC) https://jvn.jp/vu/JVNVU96480474/index.html - Third Party Advisory
References	~~(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf -~~	(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf - Third Party Advisory
CWE		CWE-502
CPE		cpe:2.3:a:mitsubishielectric:mc_works64:::::::: cpe:2.3:a:iconics:genesis64:10.97:::::::* cpe:2.3:a:iconics:genesis64:10.97.1:::::::*
First Time		Mitsubishielectric Iconics genesis64 Iconics Mitsubishielectric mc Works64

20 Jul 2022, 17:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-20 17:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-33316

Mitre link : CVE-2022-33316

CVE.ORG link : CVE-2022-33316

JSON object : View

Products Affected

mitsubishielectric

mc_works64

iconics

genesis64

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2022-33316", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-07-20T17:15:08.217", "references": [{"url": "https://jvn.jp/vu/JVNVU96480474/index.html", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}, {"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf", "tags": ["Third Party Advisory"], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious XAML codes."}, {"lang": "es", "value": "Una vulnerabilidad de Deserializaci\u00f3n de Datos No Confiables en ICONICS GENESIS64 versiones 10.97.1 y anteriores y Mitsubishi Electric MC Works64 versiones 4.04E (10.95.210.01) y anteriores permite a un atacante no autenticado ejecutar un c\u00f3digo malicioso arbitrario al conllevar a un usuario a cargar un archivo de pantalla de monitoreo que incluye c\u00f3digos XAML maliciosos"}], "lastModified": "2022-07-27T19:03:27.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44D3F652-C916-4395-BD11-AECDDF960D45"}, {"criteria": "cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D89798E-910C-4C3F-9385-D9B7CA921091"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F44C63DD-663E-4505-8586-D4BCAB01AF73", "versionEndIncluding": "10.95.210.01"}], "operator": "OR"}]}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"}