PT-2022-6271 · Emco · Remote Shutdown+7

Published: 2022-05-23 · Updated: 2023-02-14 · CVE-2022-28944

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EMCO Software products, including:

MSI Package Builder for Windows version 9.1.4
Remote Installer for Windows version 6.0.13
Ping Monitor for Windows version 8.0.18
Remote Shutdown for Windows version 7.2.2
WakeOnLan version 2.0.8
Network Inventory for Windows version 5.8.22
Network Software Scanner for Windows version 2.0.8
UnLock IT for Windows version 6.1.1

Description

The issue affects the Updater component of certain EMCO Software products, which downloads code without integrity checks. This can lead to remote execution of arbitrary code. To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. The remote code execution occurs during the update process.

Recommendations

For MSI Package Builder for Windows version 9.1.4, consider disabling the Updater component until a patch is available.
For Remote Installer for Windows version 6.0.13, restrict access to the update feature to minimize the risk of exploitation.
For Ping Monitor for Windows version 8.0.18, avoid triggering updates until the issue is resolved.
For Remote Shutdown for Windows version 7.2.2, temporarily disable the update functionality.
For WakeOnLan version 2.0.8, refrain from using the update feature.
For Network Inventory for Windows version 5.8.22, consider disabling the Updater component.
For Network Software Scanner for Windows version 2.0.8, restrict access to the update feature.
For UnLock IT for Windows version 6.1.1, avoid triggering updates until the issue is resolved.

Exploit

Fix

Related Identifiers

BDU:2023-00693
CVE-2022-28944

Affected Products

Msi Package Builder
Network Inventory
Network Software Scanner
Ping Monitor
Remote Installer
Remote Shutdown
Unlock It
Wakeonlan