VDB
CVE-2022-38466
CVE-2022-38466
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.
EPSS 0.03% · 9.3th percentile
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.03%
9.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | coreshield_one-way_gateway | 0 |
| Siemens | CoreShield One-Way Gateway (OWG) Software | All versions < V2.2 |
Timeline
- Sep 13, 2022 CVE Published
- Sep 14, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 13, 2022 EPSS Score
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- Apr 26, 2023 EPSS Score
- Jun 10, 2023 EPSS Score
- Jul 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-589975.pdf url
- https://cert-portal.siemens.com/productcert/html/ssa-589975.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-638652.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-459643.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-518824.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-637483.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-38466 advisory