OpenCVE

Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Br-automation	Industrial Automation Aprol

Configuration 1 [-]

cpe:2.3:a:br-automation:industrial_automation_aprol:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2023-02-08T10:06:06.480Z

Updated: 2024-08-03T13:40:06.241Z

Reserved: 2022-10-26T07:17:06.425Z

Link: CVE-2022-43762

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-08T11:15:10.353

Modified: 2024-11-21T07:27:10.870

Link: CVE-2022-43762

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43762", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2022-10-26T07:17:06.425Z", "datePublished": "2023-02-08T10:06:06.480Z", "dateUpdated": "2024-08-03T13:40:06.241Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "B&R APROL", "vendor": "B&R Industrial Automation", "versions": [{"status": "affected", "version": "< R 4.2-07"}]}], "datePublic": "2023-01-30T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Lack of verification in B&R APROL\nTbase server versions < R 4.2-07 may lead to memory leaks when receiving messages\n\n\n\n"}], "value": "\u00a0Lack of verification in B&R APROL\nTbase server versions\u00a0< R 4.2-07 may lead to memory leaks when receiving messages\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-02-08T10:06:06.480Z"}, "references": [{"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Memory leak when receiving messages in APROL Tbase server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.241Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf", "tags": ["x_transferred"]}]}]}}