GE CIMPLICITY up to 2022 heap-based overflow

A vulnerability classified as critical has been found in GE CIMPLICITY up to 2022. It affects an unknown functionality. The manipulation leads to a heap-based buffer overflow. The CWE definition for the vulnerability is CWE-122. The weakness was disclosed on 11/24/2022 as icsa-22-326-04. The advisory is available at cisa.gov. This vulnerability is known as CVE-2022-2948. The attack can be launched remotely. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. Its exploitability is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

| Field | 11/24/2022 02:47 PM | 11/24/2022 02:48 PM |
|---|---|---|
| vendor | GE | GE |
| name | CIMPLICITY | CIMPLICITY |
| cwe | 122 (heap-based overflow) | 122 (heap-based overflow) |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_rc | C | C |
| identifier | icsa-22-326-04 | icsa-22-326-04 |
| url | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 |
| cve | CVE-2022-2948 | CVE-2022-2948 |
| date | 1669244400 (11/24/2022) | 1669244400 (11/24/2022) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 10.0 | 10.0 |
| cvss2_vuldb_tempscore | 10.0 | 10.0 |
| cvss3_vuldb_basescore | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.8 | 8.8 |
| cvss3_meta_basescore | 8.8 | 8.8 |
| cvss3_meta_tempscore | 8.8 | 8.8 |
| price_0day | $0-$5k | $0-$5k |
| version | <=2022 |
