CVE-2022-41976 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-41976

CVE-2022-41976

April 10, 2023

An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.

Related Resources (3)

https://m3n0sd0n4ld.blogspot.com/2022/11/scada-lts-privilege-escalation-cve-2022.html

https://github.com/SCADA-LTS/Scada-LTS/releases

http://scada-lts.org/

Do you need more information?

CVSS v4

Base Score:

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

HIGH

CVSS v3

Base Score:

9.9

Attack Complexity

LOW

Attack Vector

NETWORK

Availability

HIGH

Confidentiality

HIGH

Integrity

HIGH

Privileges Required

LOW

Scope

CHANGED

User Interaction

NONE

EPSS

Base Score:

0.59

Products

Solutions

Resources

Company

Compare

Developer Tools