exploitDog

CVE-2022-43455

Опубликовано: 18 янв. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 6.5

EPSS Низкий

Описание

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.6.2 (включая)

EPSS

Процентиль: 6%

0.00025

Низкий

5.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-32pr-mxf9-qhx8

CVSS3: 6.5

github

больше 2 лет назад

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.

EPSS

Процентиль: 6%

0.00025

Низкий

5.5 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-20