Vulnerability Details : CVE-2022-33320
Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a project configuration file that includes malicious XML code.
Products affected by CVE-2022-33320
- cpe:2.3:a:iconics:genesis64:10.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:iconics:genesis64:10.97:*:*:*:*:*:*:*
- cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-33320
- 0.09%: Probability of exploitation activity in the next 30 days
- ~37%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-33320
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2022-33320
- The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-33320
- https://jvn.jp/vu/JVNVU96480474/index.html
  JVNVU#96480474: Multiple vulnerabilities in Mitsubishi Electric GENESIS64 and MC Works64 (Third Party Advisory)
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-008_en.pdf
  Third Party Advisory