Vulnerabilities > CVE-2022-3027 - Unspecified vulnerability in Contechealth Cms8000 Firmware

CVSS 5.7 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

contechealth

NVD

Published: 2022-09-13

Updated: 2022-09-14

Summary

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.

Vulnerable Configurations

Part	Description	Count
OS	Contechealth Contechealth Cms8000 Firmware -	1
Hardware	Contechealth Contechealth Cms8000 -	1

References

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01