A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2022-09-13T14:54:35.692019Z
Updated: 2024-09-16T19:46:19.342Z
Reserved: 2022-08-29T00:00:00
Link: CVE-2022-36385
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-09-13T15:15:08.480
Modified: 2022-09-15T17:27:18.930
Link: CVE-2022-36385
Redhat
No data.