Buffer Overflow in OpenV2G EXI Parsing Affects Product by Siemens
CVE-2022-27242

5.5MEDIUM

Key Information:

Vendor: Siemens
Status: Openv2g
Vendor: CVE Published:; 20 May 2022

What is CVE-2022-27242?

A vulnerability exists in the OpenV2G EXI parsing feature, specifically related to the parsing of X509 serial numbers. This flaw lacks a critical length check, allowing attackers to exploit it and potentially introduce a buffer overflow. Such an attack could lead to severe memory corruption, posing a significant risk to the stability and security of the affected systems.

Affected Version(s)

OpenV2G V0.9.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-73638...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2022
Vulnerability Reserved
Mar 18, 2022