Fuji Electric D300win Write-what-where condition
CVE-2022-1523

6.1MEDIUM

Key Information:

Vendor: Fuji Electric
Status: D300win
Vendor: CVE Published:; 30 August 2022

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2022-1523?

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information.

Affected Version(s)

D300win 3.7.1.16 < 3.7.1.17

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-05

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2022
Vulnerability Reserved
Apr 28, 2022

Credit

Uri Katz from Claroty reported these vulnerabilities to CISA.

JSON