CVE-2022-3090

Опубликовано: 17 нояб. 2022

Источник: nvd

CVSS3: 7.5

CVSS3: 5.3

EPSS Низкий

Описание

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*

Версия до 3.0 (исключая)

cpe:2.3:a:redlion:crimson:3.0:-:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_477.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_493.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_493.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_493.005:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_502.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_502.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_502.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_515.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_515.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_523.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_530.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_530.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_530.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_530.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_548.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_548.005:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_573.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_573.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_579.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_579.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_582.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_582.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_582.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_582.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_599.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_599.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_603.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_605.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_615.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_619.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_619.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_624.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_624.005:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_635.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_635.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_639.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_640.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_640.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_640.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_647.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_657.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_657.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_662.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_662.006:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_675.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_678.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_683.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_683.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_683.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_690.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_690.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_693.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_694.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_697.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_697.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_697.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_700.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_702.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_702.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_703.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_705.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.0:build_707.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:-:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3100.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3100.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3100.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3100.008:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3100.009:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3100.010:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3101.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3104.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3106.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3106.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3108.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3108.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3109.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3109.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3110.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3110.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3110.004:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3111.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3112.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3113.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3114.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3115.006:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3115.008:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3115.009:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3116.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3119.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3119.002:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3120.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3120.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3121.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3122.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3122.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3123.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3123.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3124.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3125.003:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3125.006:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3125.007:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3126.000:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.1:build_3126.001:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:-:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0031.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0035.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0036.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0040.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0041.0:*:*:*:*:*:*

cpe:2.3:a:redlion:crimson:3.2:build_3.2.0044.0:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00297

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-vv26-mr89-rpfc

CVSS3: 5.3

github

около 3 лет назад

EPSS

Процентиль: 53%

0.00297

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-22