{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3158", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "assignerShortName": "Rockwell", "dateUpdated": "2024-08-03T01:00:10.242Z", "dateReserved": "2022-09-07T00:00:00", "datePublished": "2022-10-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server."}], "affected": [{"vendor": "n/a", "product": "FactoryTalk VantagePoint", "versions": [{"version": "8.0, 8.10, 8.20, 8.30, 8.31", "status": "affected"}]}], "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-89 SQL Injection", "cweId": "CWE-89"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.242Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAD07421-BA29-47E8-B96B-424C35194F2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "5F68655B-5ED9-4B1C-9E7E-4374F5A31AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.20:*:*:*:*:*:*:*", "matchCriteriaId": "272D6C41-9E30-4A70-BAD7-A94D8EE51167", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.30:*:*:*:*:*:*:*", "matchCriteriaId": "43E695DF-8CB1-49AA-BFEC-18336C2FCF8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_vantagepoint:8.31:*:*:*:*:*:*:*", "matchCriteriaId": "EA050720-1DC3-4B74-9AE4-5212D4A81938", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server."}, {"lang": "es", "value": "Rockwell Automation FactoryTalk VantagePoint versiones 8.0, 8.10, 8.20, 8.30 y 8.31, son vulnerables a una vulnerabilidad de comprobaci\u00f3n de entrada. El servidor SQL de FactoryTalk VantagePoint carece de comprobaci\u00f3n de entrada cuando los usuarios introducen sentencias SQL para recuperar informaci\u00f3n de la base de datos del back-end. Si es explotado con \u00e9xito, esto podr\u00eda permitir a un usuario con privilegios de usuario b\u00e1sicos llevar a cabo una ejecuci\u00f3n de c\u00f3digo remota en el servidor"}], "id": "CVE-2022-3158", "lastModified": "2022-10-20T14:42:28.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-17T22:15:10.437", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}

{}