Vulnerabilities > CVE-2022-2002 - Untrusted Pointer Dereference vulnerability in GE Cimplicity

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

CWE-822

NVD

Published: 2022-12-07

Updated: 2023-11-07

Summary

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Ge GE Cimplicity - GE Cimplicity 6.1 GE Cimplicity 7.0 GE Cimplicity 7.5 GE Cimplicity 8.0 GE Cimplicity 8.1 GE Cimplicity 8.2 GE Cimplicity 9.0 GE Cimplicity 9.0_R2 GE Cimplicity 9.5 GE Cimplicity 10.0 GE Cimplicity 11.0 GE Cimplicity 11.1 GE Cimplicity 2022	70

Common Weakness Enumeration (CWE)

CWE-822 - Untrusted Pointer Dereference

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04