CVE-2022-25359

Published Feb 26, 2022

Last updated 3 months ago

CVSS critical 9.1

Overview

Description: On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:iclinks:scadaflex_ii_firmware:1.01.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F8A94A2-3131-4CF8-9746-B97784321E15"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:scadaflex_ii_firmware:1.01.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86855C02-1001-4A29-AEDA-E50236B513EB"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:scadaflex_ii_firmware:1.02.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5CB3BCE-2561-4AF8-96AF-E4E89D05319E"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:scadaflex_ii_firmware:1.02.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EC6EAC1-B005-43B8-8BA9-CFDD4C7F81D3"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:scadaflex_ii_firmware:1.02.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49009933-DB7E-4107-A6BD-DC3265CA27E8"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:scadaflex_ii_firmware:1.03.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AD3B7CE-3184-40EF-A956-C597FD23E6CB"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:weblib:1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFBE1106-D84D-48DD-98E9-6EBF09299BB4"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:weblib:1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C2F9B4F-58D5-49B3-9F5D-54BF01F31F1F"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:weblib:1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E74CECC3-5B48-4B2C-B817-E9B1F5D37EEC"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:weblib:1.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C76FC41-5696-4AEA-AEC5-247120527D2C"
          },
          {
            "criteria": "cpe:2.3:o:iclinks:weblib:1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BEE2E4C-2B6D-48C7-BC7F-62C5DDF470DC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:iclinks:scadaflex_ii:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4862199-5DA8-47C5-9238-F9BE3E3455C3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References