CVE-2022-2634
Digi ConnectPort X2D
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
Un atacante puede ser capaz de ejecutar acciones maliciosas debido a una falta de protecciones de acceso al dispositivo y permisos del dispositivo cuando es usada la aplicación web. Esto podría conllevar a una carga de archivos python que pueden ser ejecutados posteriormente
*Credits:
Aarón Flecha of S21sec reported this vulnerability to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-02 CVE Reserved
- 2022-08-09 CVE Published
- 2024-02-25 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digi Search vendor "Digi" | Connectport X2d Firmware Search vendor "Digi" for product "Connectport X2d Firmware" | < 2020-01-01 Search vendor "Digi" for product "Connectport X2d Firmware" and version " < 2020-01-01" | - |
Affected
| in | Digi Search vendor "Digi" | Connectport X2d Search vendor "Digi" for product "Connectport X2d" | - | - |
Safe
|