CVE-2022-43483

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

S

ewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:26

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~7.2~~	v2 : unknown v3 : 9.1

Information

Published : 2023-01-18 01:15

Updated : 2024-11-21 07:26

NVD link : CVE-2022-43483

Mitre link : CVE-2022-43483

CVE.ORG link : CVE-2022-43483

JSON object : View

Products Affected

real-time_location_system_studio

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-43483", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-01-18T01:15:12.477", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.\n\n"}, {"lang": "es", "value": "Real-Time Location System (RTLS) Studio de Sewio, versi\u00f3n 2.0.0 hasta la versi\u00f3n 2.6.2 incluida, no valida correctamente el nombre del m\u00f3dulo de entrada para los servicios de monitorizaci\u00f3n del software. Esto podr\u00eda permitir que un atacante remoto acceda a funciones confidenciales de la aplicaci\u00f3n y ejecute comandos arbitrarios del sistema."}], "lastModified": "2024-11-21T07:26:34.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BFF34E9-1653-45FC-B8F1-4A61931A0779", "versionEndIncluding": "2.6.2", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}