CVE-2022-41657

{"id": "CVE-2022-41657", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-10-31T20:15:13.220", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-07", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "\nDelta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. \n\n"}, {"lang": "es", "value": "Las versiones 00.00.01a y anteriores de Delta Electronics InfraSuite Device Master permiten que los datos proporcionados por el atacante ya serializados en la memoria se utilicen en interfaces programables de aplicaciones (APIs) de operaci\u00f3n de archivos. Esto podr\u00eda crear archivos arbitrarios, que podr\u00edan usarse en operaciones API y, en \u00faltima instancia, podr\u00edan resultar en la ejecuci\u00f3n remota de c\u00f3digo.\n"}], "lastModified": "2023-11-07T03:52:52.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BC08CDF-4EE4-4E6D-AFF0-A4749A91A05D", "versionEndExcluding": "00.00.02a"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}