Global Variable Vulnerability in Horner Automation RCC 972 Firmware
CVE-2022-2642

7.5HIGH

Key Information:

Vendor: Horner Automation
Status: Remote Compact Controller (rcc) 972
Vendor: CVE Published:; 2 December 2022

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2022-2642?

The RCC 972 firmware version 15.40 from Horner Automation contains a vulnerability related to the handling of global variables. This flaw allows potential attackers to gain unauthorized access to sensitive values and variable keys stored within the device, potentially compromising the integrity of the system and exposing critical information. Users should be aware of this issue and take necessary precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

Remote Compact Controller (RCC) 972 Firmware Version 15.40

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-335-02

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2022
Vulnerability Reserved
Aug 3, 2022

Credit

m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA

CVE-2022-2642 Data

JSON