PT-2022-4636 · Measuresoft · Measuresoft Scadapro Server+1

Andrea Micalizzi +3 · Published 2022-08-23 · Updated 2022-09-02 · CVE-2022-2897

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server and Client (All Versions)

Description: The issue is related to the improper resolution of links before file access, which could allow privilege escalation. This could potentially be exploited by a remote attacker to elevate their privileges.

Recommendations: For all versions, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Link Following

Related Identifiers

BDU:2022-05520
CVE-2022-2897
ZDI-22-1144
ZDI-22-1145
ZDI-22-1146
ZDI-22-1147
ZDI-22-1148
ZDI-22-1149

Affected Products

Measuresoft Scadapro Client
Measuresoft Scadapro Server