Vulnerability Details : CVE-2022-33317
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a monitoring screen file that includes malicious script code.
Vulnerability category: File inclusion
Products affected by CVE-2022-33317
- cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-33317
- 0.08%: probability of exploitation activity in the next 30 days
- ~35%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-33317
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2022-33317
- The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-33317
- https://jvn.jp/vu/JVNVU96480474/index.html
  JVNVU#96480474: Multiple vulnerabilities in Mitsubishi Electric GENESIS64 and MC Works64 (Third Party Advisory)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf
  Third Party Advisory