CVE-2022-4258 - Vulnerability Details - OpenCVE

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hima	Hopcs X-opc A\+e X-opc Da X-ots
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:hima:hopcs::::::::
	cpe:2.3:a:hima:x-opc_a\+e::::::::
	cpe:2.3:a:hima:x-opc_da::::::::
	cpe:2.3:a:hima:x-ots::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-51614	In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-059/

History

Thu, 03 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-01-16T09:52:09.647Z

Updated: 2025-04-03T13:40:22.235Z

Reserved: 2022-12-01T14:43:52.479Z

Link: CVE-2022-4258

Vulnrichment

Updated: 2024-08-03T01:34:49.949Z

NVD

Status : Modified

Published: 2023-01-16T10:15:10.313

Modified: 2024-11-21T07:34:53.393

Link: CVE-2022-4258

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4258", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2022-12-01T14:43:52.479Z", "datePublished": "2023-01-16T09:52:09.647Z", "dateUpdated": "2025-04-03T13:40:22.235Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HOPCS", "vendor": "HIMA", "versions": [{"lessThanOrEqual": "3.56.4", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "X-OPC DA", "vendor": "HIMA", "versions": [{"lessThanOrEqual": "5.6.1210", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "X-OPC A+E ", "vendor": "HIMA", "versions": [{"lessThanOrEqual": "5.6.1210", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "X-OTS", "vendor": "HIMA", "versions": [{"lessThanOrEqual": "1.32.550", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This vulnerability has been found by a HIMA customer."}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Case handled by PSIRT@hima.com in cooperation with CERT@VDE"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system."}], "value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u00a0might allow local users to gain privileges via a malicious .exe file and gain full access to the system."}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-01-16T09:52:09.647Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"}], "source": {"advisory": "VDE-2022-059", "defect": ["CERT@VDE#64320"], "discovery": "EXTERNAL"}, "title": "Hima: Unquoted path vulnerabilities in HIMA PC based Software", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:49.949Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-059/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-03T13:39:59.396159Z", "id": "CVE-2022-4258", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T13:40:22.235Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-059/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:49.949Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-03T13:39:59.396159Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T13:40:10.502Z"}}], "cna": {"title": "Hima: Unquoted path vulnerabilities in HIMA PC based Software", "source": {"defect": ["CERT@VDE#64320"], "advisory": "VDE-2022-059", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This vulnerability has been found by a HIMA customer."}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Case handled by PSIRT@hima.com in cooperation with CERT@VDE"}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HIMA", "product": "HOPCS", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "3.56.4"}], "defaultStatus": "unaffected"}, {"vendor": "HIMA", "product": "X-OPC DA", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "5.6.1210"}], "defaultStatus": "unaffected"}, {"vendor": "HIMA", "product": "X-OPC A+E ", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "5.6.1210"}], "defaultStatus": "unaffected"}, {"vendor": "HIMA", "product": "X-OTS", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "semver", "lessThanOrEqual": "1.32.550"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u00a0might allow local users to gain privileges via a malicious .exe file and gain full access to the system.", "supportingMedia": [{"type": "text/html", "value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-01-16T09:52:09.647Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4258", "state": "PUBLISHED", "dateUpdated": "2025-04-03T13:40:22.235Z", "dateReserved": "2022-12-01T14:43:52.479Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-01-16T09:52:09.647Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hima:hopcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FFBD495-B6DC-4DF2-99C6-BBB778BC0B5A", "versionEndIncluding": "3.56.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hima:x-opc_a\\+e:*:*:*:*:*:*:*:*", "matchCriteriaId": "E39AB0B1-60C2-4321-A474-DBC441225B96", "versionEndIncluding": "5.6.1210", "vulnerable": true}, {"criteria": "cpe:2.3:a:hima:x-opc_da:*:*:*:*:*:*:*:*", "matchCriteriaId": "B65F8D0C-D953-4718-8D8D-6B772E78901E", "versionEndIncluding": "5.6.1210", "vulnerable": true}, {"criteria": "cpe:2.3:a:hima:x-ots:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2089FC4-BFD1-49BE-9794-CDA90A86F3B7", "versionEndIncluding": "1.32.550", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u00a0might allow local users to gain privileges via a malicious .exe file and gain full access to the system."}, {"lang": "es", "value": "En varias versiones del software HIMA para PC, una vulnerabilidad de ruta de b\u00fasqueda de Windows sin comillas podr\u00eda permitir a los usuarios locales obtener privilegios a trav\u00e9s de un archivo .exe malicioso y obtener acceso completo al sistema."}], "id": "CVE-2022-4258", "lastModified": "2024-11-21T07:34:53.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2023-01-16T10:15:10.313", "references": [{"source": "info@cert.vde.com", "tags": ["Mitigation", "Third Party Advisory", "VDB Entry"], "url": "https://cert.vde.com/en/advisories/VDE-2022-059/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "VDB Entry"], "url": "https://cert.vde.com/en/advisories/VDE-2022-059/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "info@cert.vde.com", "type": "Secondary"}]}