CVE-2022-22985
ICSA-22-062-01 IPCOMM ipDIO
Public Exploits: 0
Exploited in Wild: -
Descriptions
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-15 CVE Reserved
- 2022-03-09 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-062-01 | Mitigation |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Ipcomm | Ipdio Firmware | 3.9 | - | Affected |
in Ipcomm | Ipdio | - | - | Safe |