CVE-2022-1888 - OpenCVE

Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fujielectric	Alpha7 Pc Loader Alpha7 Pc Loader Firmware

Configuration 1 [-]

AND

cpe:2.3:h:fujielectric:alpha7_pc_loader:-:*:*:*:*:*:*:*

cpe:2.3:o:fujielectric:alpha7_pc_loader_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-151-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-08-31T15:32:57.691268Z

Updated: 2024-09-16T18:55:32.512Z

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-1888

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-31T16:15:09.943

Modified: 2022-09-07T20:18:37.573

Link: CVE-2022-1888

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Alpha7 PC Loader", "vendor": "Fuji Electric", "versions": [{"status": "affected", "version": "All Versions"}]}], "datePublic": "2022-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T15:32:57", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-151-01"}], "source": {"advisory": "ICSA-22-151-01", "discovery": "UNKNOWN"}, "title": "Fuji Electric Alpha7 PC Loader Fuji Electric Alpha7 PC Loader", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-05-31T14:06:00.000Z", "ID": "CVE-2022-1888", "STATE": "PUBLIC", "TITLE": "Fuji Electric Alpha7 PC Loader Fuji Electric Alpha7 PC Loader"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Alpha7 PC Loader", "version": {"version_data": [{"version_affected": "=", "version_name": "All Versions", "version_value": "All Versions"}]}}]}, "vendor_name": "Fuji Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-151-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-151-01"}]}, "source": {"advisory": "ICSA-22-151-01", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:17:00.893Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-151-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1888", "datePublished": "2022-08-31T15:32:57.691268Z", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-09-16T18:55:32.512Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:fujielectric:alpha7_pc_loader:-:*:*:*:*:*:*:*", "matchCriteriaId": "11CBD820-DAA6-4076-A96B-4FC283EF54B5", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fujielectric:alpha7_pc_loader_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBFC6E18-C107-4ABE-A668-BDDAF09BCABB", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code."}, {"lang": "es", "value": "Alpha7 PC Loader (Todas las versiones) es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria mientras procesa un archivo de proyecto espec\u00edficamente dise\u00f1ado, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2022-1888", "lastModified": "2022-09-07T20:18:37.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-08-31T16:15:09.943", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-151-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}