CVE-2022-29072 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-29072 PUBLISHED CVSS 7.800000190734863 HIGH

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process.

EPSS 18.07% · 95.1th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

EPSS Score

18.07%

95.1th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB 800xA for Symphony Plus Harmony <=6.2
ABB	ABB 800xA History <=7.0
ABB	ABB 800xA for AC 870P Melody <=6.2
ABB	ABB Batch Management <=6.2
ABB	ABB Production Response Batch History <=6.2
ABB	ABB Application Change Management <=6.2

Timeline

Apr 15, 2022 CVE Published
Apr 16, 2022 EPSS Score
Jul 25, 2022 EPSS Score
Sep 13, 2022 EPSS Score
Dec 21, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 30, 2023 EPSS Score
May 18, 2023 EPSS Score
Aug 26, 2023 EPSS Score
Oct 14, 2023 EPSS Score
Jan 21, 2024 EPSS Score
Mar 11, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/7paa023732.json advisory
https://search.abb.com/library/Download.aspx?DocumentID=7PAA023732&LanguageCode=en&DocumentPartId=&Action=Launch advisory
https://library.abb.com/d/3BDS011222D7000 advisory
https://library.abb.com/d/3BSE034463D7000 advisory
https://library.abb.com/d/3BSE037410D7000 advisory
https://library.abb.com/d/3BSE080520D7000 advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-29072 advisory

Open in Interactive Console →