VDB
ICSA-22-286-05
ICSA-22-286-05
PUBLISHED
CVSS 3.0999999046325684 LOW
Successful exploitation of these vulnerabilities could crash the Prognostic Model Executor and could allow remote code execution.
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lumada Asset Performance Manager (APM) - Lumada Asset Performance Manager (APM) versions 6.3.0.0 to 6.3.0.2 | ||
| Lumada Asset Performance Manager (APM) - Lumada Asset Performance Manager (APM) versions 6.0.0.0 to 6.0.0.4 | ||
| Lumada Asset Performance Manager (APM) - Lumada Asset Performance Manager (APM) online service (SaaS) version 6.3.220323.0 and prior | ||
| Lumada Asset Performance Manager (APM) - Lumada Asset Performance Manager (APM) versions 6.2.0.0 to 6.2.0.2 | ||
| Lumada Asset Performance Manager (APM) - Lumada Asset Performance Manager (APM) versions 6.1.0.0 and 6.1.0.1 |
Timeline
- Apr 7, 2022 PoC Published
- Oct 13, 2022 CVE Published
- Oct 21, 2023 PoC Published
- Nov 17, 2024 PoC Published
- Apr 13, 2026 PoC Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-286-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-286-05 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.hitachienergy.com/contact-us fix
- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000105 fix