Details of VAR-202208-1819

ID

VAR-202208-1819

CVE

CVE-2022-2234

TITLE

mySCADA Technologies Made myPRO Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002341

DESCRIPTION

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. mySCADA Technologies Provided by the company myPRO The following vulnerabilities exist in. It was * Command injection (CWE-77) - CVE-2022-2234If the vulnerability is exploited, it may be affected as follows

Trust: 1.71

sources: NVD: CVE-2022-2234 // JVNDB: JVNDB-2022-002341 // VULMON: CVE-2022-2234

AFFECTED PRODUCTS

vendor:	myscada	model:	mypro	scope:	lte	version:	8.26.0	Trust: 1.0
vendor:	myscada	model:	mypro	scope:	eq	version:	-	Trust: 0.8
vendor:	myscada	model:	mypro	scope:	lte	version:	8.26.0 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-002341 // NVD: CVE-2022-2234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-2234
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2022-2234
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-2234
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-3801
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-2234
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2022-2234
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-2234
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-002341 // CNNVD: CNNVD-202208-3801 // NVD: CVE-2022-2234 // NVD: CVE-2022-2234

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-78	Trust: 1.0
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002341 // NVD: CVE-2022-2234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3801

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202208-3801

PATCH

title:	DOWNLOADS	url:	https://www.myscada.org/download/#mypro	Trust: 0.8
title:	mySCADA myPRO Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=247287	Trust: 0.6

sources: JVNDB: JVNDB-2022-002341 // CNNVD: CNNVD-202208-3801

EXTERNAL IDS

db:	NVD	id:	CVE-2022-2234	Trust: 3.3
db:	ICS CERT	id:	ICSA-22-235-03	Trust: 2.5
db:	JVN	id:	JVNVU92145197	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-002341	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-3801	Trust: 0.6
db:	VULMON	id:	CVE-2022-2234	Trust: 0.1

sources: VULMON: CVE-2022-2234 // JVNDB: JVNDB-2022-002341 // CNNVD: CNNVD-202208-3801 // NVD: CVE-2022-2234

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03	Trust: 2.6
url:	http://jvn.jp/vu/jvnvu92145197/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2234	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-235-03	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-2234/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-2234 // JVNDB: JVNDB-2022-002341 // CNNVD: CNNVD-202208-3801 // NVD: CVE-2022-2234

CREDITS

Marlon Luis Petry reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202208-3801

SOURCES

db:	VULMON	id:	CVE-2022-2234
db:	JVNDB	id:	JVNDB-2022-002341
db:	CNNVD	id:	CNNVD-202208-3801
db:	NVD	id:	CVE-2022-2234

LAST UPDATE DATE

2024-08-14T15:06:13.413000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-2234	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-002341	date:	2024-06-13T09:18:00
db:	CNNVD	id:	CNNVD-202208-3801	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-2234	date:	2023-07-24T13:07:21.177

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-2234	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-002341	date:	2022-08-26T00:00:00
db:	CNNVD	id:	CNNVD-202208-3801	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2022-2234	date:	2022-08-24T16:15:11.797