Details of VAR-202301-1301

ID

VAR-202301-1301

CVE

CVE-2022-46331

TITLE

Proficy Historian access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002238

DESCRIPTION

An unauthorized user could possibly delete any file on the system. Proficy Historian contains an access control vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-46331 // JVNDB: JVNDB-2023-002238 // VULMON: CVE-2022-46331

AFFECTED PRODUCTS

vendor:	ge	model:	proficy historian	scope:	lt	version:	2023	Trust: 1.0
vendor:	ge	model:	proficy historian	scope:	gte	version:	7.0	Trust: 1.0
vendor:	general electric	model:	proficy historian	scope:	-	version:	-	Trust: 0.8
vendor:	general electric	model:	proficy historian	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002238 // NVD: CVE-2022-46331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-46331
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2022-46331
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-46331
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-1348
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-46331
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2022-46331
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-46331
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002238 // CNNVD: CNNVD-202301-1348 // NVD: CVE-2022-46331 // NVD: CVE-2022-46331

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002238 // NVD: CVE-2022-46331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1348

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1348

PATCH

title:	GE Digital	url:	https://www.ge.com/digital/	Trust: 0.8
title:	GE Digital Proficy Historian Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=244883	Trust: 0.6

sources: JVNDB: JVNDB-2023-002238 // CNNVD: CNNVD-202301-1348

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46331	Trust: 3.3
db:	ICS CERT	id:	ICSA-23-017-01	Trust: 2.5
db:	JVN	id:	JVNVU92701384	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002238	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-1348	Trust: 0.6
db:	VULMON	id:	CVE-2022-46331	Trust: 0.1

sources: VULMON: CVE-2022-46331 // JVNDB: JVNDB-2023-002238 // CNNVD: CNNVD-202301-1348 // NVD: CVE-2022-46331

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01	Trust: 1.8
url:	https://digitalsupport.ge.com/s/article/ge-digital-product-security-advisory-ged-23-01	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu92701384/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46331	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-01	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-46331/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/284.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-46331 // JVNDB: JVNDB-2023-002238 // CNNVD: CNNVD-202301-1348 // NVD: CVE-2022-46331

SOURCES

db:	VULMON	id:	CVE-2022-46331
db:	JVNDB	id:	JVNDB-2023-002238
db:	CNNVD	id:	CNNVD-202301-1348
db:	NVD	id:	CVE-2022-46331

LAST UPDATE DATE

2024-08-14T13:52:49.707000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-46331	date:	2023-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2023-002238	date:	2023-06-29T01:20:00
db:	CNNVD	id:	CNNVD-202301-1348	date:	2023-07-10T00:00:00
db:	NVD	id:	CVE-2022-46331	date:	2023-11-07T03:55:34.133

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-46331	date:	2023-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2023-002238	date:	2023-06-29T00:00:00
db:	CNNVD	id:	CNNVD-202301-1348	date:	2023-01-18T00:00:00
db:	NVD	id:	CVE-2022-46331	date:	2023-01-18T00:15:12.183