Details of VAR-202301-1298

ID

VAR-202301-1298

CVE

CVE-2022-46732

TITLE

Proficy Historian Authentication Bypass Vulnerability Using Alternate Paths or Channels in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002264

DESCRIPTION

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. Proficy Historian contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-46732 // JVNDB: JVNDB-2023-002264 // VULMON: CVE-2022-46732

AFFECTED PRODUCTS

vendor:	ge	model:	proficy historian	scope:	lt	version:	2023	Trust: 1.0
vendor:	ge	model:	proficy historian	scope:	gte	version:	7.0	Trust: 1.0
vendor:	general electric	model:	proficy historian	scope:	eq	version:	-	Trust: 0.8
vendor:	general electric	model:	proficy historian	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002264 // NVD: CVE-2022-46732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-46732
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-46732
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202301-1351
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-46732
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-46732
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002264 // CNNVD: CNNVD-202301-1351 // NVD: CVE-2022-46732

PROBLEMTYPE DATA

problemtype:

Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002264

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1351

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1351

PATCH

title:	GE Digital	url:	https://www.ge.com/digital/	Trust: 0.8
title:	Proficy Historian Fixes for access control error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222551	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-46732	Trust: 0.1

sources: VULMON: CVE-2022-46732 // JVNDB: JVNDB-2023-002264 // CNNVD: CNNVD-202301-1351

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46732	Trust: 3.3
db:	ICS CERT	id:	ICSA-23-017-01	Trust: 2.5
db:	JVN	id:	JVNVU92701384	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002264	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-1351	Trust: 0.6
db:	VULMON	id:	CVE-2022-46732	Trust: 0.1

sources: VULMON: CVE-2022-46732 // JVNDB: JVNDB-2023-002264 // CNNVD: CNNVD-202301-1351 // NVD: CVE-2022-46732

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01	Trust: 1.8
url:	https://digitalsupport.ge.com/s/article/ge-digital-product-security-advisory-ged-23-01	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu92701384/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46732	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-01	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-46732/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/288.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2022-46732	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-46732 // JVNDB: JVNDB-2023-002264 // CNNVD: CNNVD-202301-1351 // NVD: CVE-2022-46732

SOURCES

db:	VULMON	id:	CVE-2022-46732
db:	JVNDB	id:	JVNDB-2023-002264
db:	CNNVD	id:	CNNVD-202301-1351
db:	NVD	id:	CVE-2022-46732

LAST UPDATE DATE

2024-08-14T13:52:49.732000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-46732	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002264	date:	2023-06-29T08:18:00
db:	CNNVD	id:	CNNVD-202301-1351	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2022-46732	date:	2023-11-07T03:55:52.267

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-46732	date:	2023-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2023-002264	date:	2023-06-29T00:00:00
db:	CNNVD	id:	CNNVD-202301-1351	date:	2023-01-18T00:00:00
db:	NVD	id:	CVE-2022-46732	date:	2023-01-18T00:15:12.357