Sign-up

ID

VAR-202212-1777


CVE

CVE-2022-46282


TITLE

Made by Omron  CX-Drive  Freed memory usage in  (use-after-free)  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-002783

DESCRIPTION

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,. Provided by Omron Corporation CX-Drive freed memory use (use-after-free) Vulnerability (CWE-416) exists. This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Michael Heinzl MrArbitrary code may be executed by loading a specially crafted file into the affected product

Trust: 1.71

sources: NVD: CVE-2022-46282 // JVNDB: JVNDB-2022-002783 // VULHUB: VHN-444255

AFFECTED PRODUCTS

vendor:omronmodel:cx-drivescope:lteversion:3.00

Trust: 1.0

vendor:オムロン株式会社model:cx-drivescope: - version: -

Trust: 0.8

vendor:オムロン株式会社model:cx-drivescope:lteversion:v3.00 and earlier

Trust: 0.8

vendor:オムロン株式会社model:cx-drivescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002783 // NVD: CVE-2022-46282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46282
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-002783
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-3593
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-46282
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-002783
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-002783 // CNNVD: CNNVD-202212-3593 // NVD: CVE-2022-46282

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [ others ]

Trust: 0.8

sources: VULHUB: VHN-444255 // JVNDB: JVNDB-2022-002783 // NVD: CVE-2022-46282

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3593

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3593

PATCH

title:Information from Omron Corporationurl:https://jvn.jp/vu/JVNVU92689335/995504/index.html

Trust: 0.8

title:Omron CX-Drive Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=219587

Trust: 0.6

sources: JVNDB: JVNDB-2022-002783 // CNNVD: CNNVD-202212-3593

EXTERNAL IDS

db:NVDid:CVE-2022-46282

Trust: 2.5

db:JVNid:JVNVU92689335

Trust: 2.5

db:JVNDBid:JVNDB-2022-002783

Trust: 1.4

db:CNNVDid:CNNVD-202212-3593

Trust: 0.6

db:VULHUBid:VHN-444255

Trust: 0.1

sources: VULHUB: VHN-444255 // JVNDB: JVNDB-2022-002783 // CNNVD: CNNVD-202212-3593 // NVD: CVE-2022-46282

REFERENCES

url:https://jvn.jp/en/vu/jvnvu92689335/index.html

Trust: 1.7

url:https://jvn.jp/vu/jvnvu92689335/

Trust: 0.8

url:https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002783.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-46282/

Trust: 0.6

sources: VULHUB: VHN-444255 // JVNDB: JVNDB-2022-002783 // CNNVD: CNNVD-202212-3593 // NVD: CVE-2022-46282

SOURCES

db:VULHUBid:VHN-444255
db:JVNDBid:JVNDB-2022-002783
db:CNNVDid:CNNVD-202212-3593
db:NVDid:CVE-2022-46282

LAST UPDATE DATE

2024-08-14T14:37:08.333000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-444255date:2022-12-30T00:00:00
db:JVNDBid:JVNDB-2022-002783date:2022-12-20T05:21:00
db:CNNVDid:CNNVD-202212-3593date:2023-01-03T00:00:00
db:NVDid:CVE-2022-46282date:2022-12-30T21:53:08.940

SOURCES RELEASE DATE

db:VULHUBid:VHN-444255date:2022-12-21T00:00:00
db:JVNDBid:JVNDB-2022-002783date:2022-12-20T00:00:00
db:CNNVDid:CNNVD-202212-3593date:2022-12-19T00:00:00
db:NVDid:CVE-2022-46282date:2022-12-21T09:15:08.807