Rewterz Threat Advisory – ICS: Hitachi Energy Modular Switchgear Monitoring Vulnerability
October 5, 2022
Rewterz Threat Advisory – ICS: OMRON CX-Programmer Vulnerabilities
October 5, 2022
Severity
High
Analysis Summary
CVE-2022-3377 CVSS:7.8
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer.
CVE-2022-3378 CVSS:7.8
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
CVE-2022-3379 CVSS:7.8
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.
Impact
- Arbitrary Code Execution
Indicators Of Compromise
CVE
- CVE-2022-3377
- CVE-2022-3378
- CVE-2022-3379
Affected Vendors
Horner Automation
Affected Products
Cscape Version 9.90 SP 6 and prior
Cscape Version 9.90 SP 7 and prior
Remediation
Refer to CISA-CERT Advisory for the patch, upgrade, or suggested workaround information.
CISA-CERT Advisory