5.5.10.32

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

dominionvoting

CWE-24

NVD

Published: 2022-06-24

Updated: 2022-07-06

Summary

The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.

Vulnerable Configurations

Part	Description	Count
OS	Dominionvoting Dominionvoting Imagecast X *	1
Hardware	Dominionvoting Dominionvoting Democracy Suite 5.5-A	1
Application	Dominionvoting Dominionvoting Imagecast X 5.5.10.30 Dominionvoting Imagecast X 5.5.10.32	2

Common Weakness Enumeration (CWE)

CWE-24 - Path Traversal: '../filedir'

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01