// For flags

CVE-2022-27579

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.

Una vulnerabilidad de deserialización en una clase del marco de trabajo .NET usada y no comprobada adecuadamente por Flexi Soft Designer en todas las versiones hasta 1.9.4 SP1 incluyéndola, permite a un atacante diseñar archivos de proyecto maliciosos. Al abrir/importar dicho archivo de proyecto malicioso sería ejecutado código arbitrario con los privilegios del usuario actual cuando sea abierto o importado por el Flexi Soft Designer. Esto compromete la Confidencialidad, la Integridad y la Disponibilidad. Para que el ataque tenga éxito, un usuario debe abrir manualmente un archivo de proyecto malicioso.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-03-21 CVE Reserved
  • 2022-07-19 CVE Published
  • 2024-02-09 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://sick.com/psirt 2022-07-27
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sick
Search vendor "Sick"
 Flexi Soft Designer
Search vendor "Sick" for product "Flexi Soft Designer"
 < 1.9.4
Search vendor "Sick" for product "Flexi Soft Designer" and version " < 1.9.4"
-
Affected
Sick
Search vendor "Sick"
 Flexi Soft Designer
Search vendor "Sick" for product "Flexi Soft Designer"
 1.9.4
Search vendor "Sick" for product "Flexi Soft Designer" and version "1.9.4"
-
Affected
Sick
Search vendor "Sick"
 Flexi Soft Designer
Search vendor "Sick" for product "Flexi Soft Designer"
 1.9.4
Search vendor "Sick" for product "Flexi Soft Designer" and version "1.9.4"
sp1
Affected