Sign-up

ID

VAR-202207-1528


CVE

CVE-2022-33319


TITLE

ICONICS, Inc.  of  GENESIS 64  Out-of-Bounds Read Vulnerability in Other Vendors' Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-013545

DESCRIPTION

Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows a remote unauthenticated attacker to disclose information on memory or cause a Denial of Service (DoS) condition by sending specially crafted packets to the GENESIS64 server. ICONICS, Inc. of GENESIS 64 Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64 GenBroker64. Authentication is not required to exploit this vulnerability.The specific flaw exists within the GenBroker64 service, which listens on TCP port 38080 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to disclose information in the context of the current process or to create a denial-of-service condition on the system

Trust: 2.34

sources: NVD: CVE-2022-33319 // JVNDB: JVNDB-2022-013545 // ZDI: ZDI-22-1044 // VULMON: CVE-2022-33319

AFFECTED PRODUCTS

vendor:iconicsmodel:genesis64scope:eqversion:10.97.1

Trust: 1.0

vendor:mitsubishielectricmodel:mc works64scope:lteversion:10.95.210.01

Trust: 1.0

vendor:iconicsmodel:genesis64scope:eqversion:10.97

Trust: 1.0

vendor:三菱電機model:mc works64scope: - version: -

Trust: 0.8

vendor:iconicsmodel:genesis 64scope: - version: -

Trust: 0.8

vendor:iconicsmodel:genesis64scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-22-1044 // JVNDB: JVNDB-2022-013545 // NVD: CVE-2022-33319

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-33319
value: CRITICAL

Trust: 1.8

ZDI: CVE-2022-33319
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202207-2070
value: CRITICAL

Trust: 0.6

NVD: CVE-2022-33319
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-33319
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-33319
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-1044 // JVNDB: JVNDB-2022-013545 // NVD: CVE-2022-33319 // CNNVD: CNNVD-202207-2070

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-013545 // NVD: CVE-2022-33319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2070

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2070

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-33319

PATCH
title:ICONICS has issued an update to correct this vulnerability.url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-04
Trust: 0.7
title:Mitsubishi Electric MC Works64 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201118
Trust: 0.6
sources:
            
            
            ZDI: ZDI-22-1044 // 
            
            
            
            CNNVD: CNNVD-202207-2070

EXTERNAL IDS
db:NVDid:CVE-2022-33319
Trust: 4.0
db:JVNid:JVNVU96480474
Trust: 2.5
db:ICS CERTid:ICSA-22-202-04
Trust: 1.5
db:JVNDBid:JVNDB-2022-013545
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-17389
Trust: 0.7
db:ZDIid:ZDI-22-1044
Trust: 0.7
db:CS-HELPid:SB2022072542
Trust: 0.6
db:CNNVDid:CNNVD-202207-2070
Trust: 0.6
db:VULMONid:CVE-2022-33319
Trust: 0.1
sources:
            
            
            ZDI: ZDI-22-1044 // 
            
            
            
            VULMON: CVE-2022-33319 // 
            
            
            
            JVNDB: JVNDB-2022-013545 // 
            
            
            
            NVD: CVE-2022-33319 // 
            
            
            
            CNNVD: CNNVD-202207-2070

REFERENCES
url:https://jvn.jp/vu/jvnvu96480474/index.html
Trust: 2.5
url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf
Trust: 2.5
url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-04
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96480474/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2022-33319
Trust: 0.8
url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-202-04
Trust: 0.8
url:https://www.cybersecurity-help.cz/vdb/sb2022072542
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-33319/
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-22-202-04
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            ZDI: ZDI-22-1044 // 
            
            
            
            VULMON: CVE-2022-33319 // 
            
            
            
            JVNDB: JVNDB-2022-013545 // 
            
            
            
            NVD: CVE-2022-33319 // 
            
            
            
            CNNVD: CNNVD-202207-2070

CREDITS
Axel '0vercl0k' Souchet from https://doar-e.github.io/
Trust: 0.7
sources:
            
            
            ZDI: ZDI-22-1044

SOURCES
db:ZDIid:ZDI-22-1044
db:VULMONid:CVE-2022-33319
db:JVNDBid:JVNDB-2022-013545
db:NVDid:CVE-2022-33319
db:CNNVDid:CNNVD-202207-2070

LAST UPDATE DATE
2023-09-10T22:31:28.007000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-22-1044date:2022-08-03T00:00:00
db:VULMONid:CVE-2022-33319date:2022-07-20T00:00:00
db:JVNDBid:JVNDB-2022-013545date:2023-09-08T08:28:00
db:NVDid:CVE-2022-33319date:2022-07-27T18:56:00
db:CNNVDid:CNNVD-202207-2070date:2022-07-28T00:00:00

SOURCES RELEASE DATE
db:ZDIid:ZDI-22-1044date:2022-08-03T00:00:00
db:VULMONid:CVE-2022-33319date:2022-07-20T00:00:00
db:JVNDBid:JVNDB-2022-013545date:2023-09-08T00:00:00
db:NVDid:CVE-2022-33319date:2022-07-20T17:15:00
db:CNNVDid:CNNVD-202207-2070date:2022-07-20T00:00:00