CVE-2022-2253
Published 2022-07-01
CVE-2022-2253: A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.
Priority P3 · 52 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.12% (62.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| distributed_data_systems | webhmi | — | — |
| webhmi | webhmi_firmware | <= 4.1.1.7662 | — |
CVSS provenance
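| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |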
CISA ICS
Distributed Data Systems WebHMI
cisa_ics·2022-06-30·CVSS 9.1
[CRITICAL] Distributed Data Systems WebHMI
ICS Advisory
## Distributed Data Systems WebHMI
Last Revised: June 30, 2022
Alert Code: ICSA-22-181-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Distributed Data Systems
- Equipment: WebHMI
- Vulnerabilities: Cross-site Scripting, OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a user with administrative privileges in WebHMI to execute arbitrary OS commands or impact other logged in users.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The fo
GHSA
GHSA-p9f4-jf4w-hf2c: A user with administrative privileges in Distributed Data Systems WebHMI 4
ghsa_unreviewed·2022-07-02
CVE-2022-2253 [CRITICAL] CWE-78 GHSA-p9f4-jf4w-hf2c: A user with administrative privileges in Distributed Data Systems WebHMI 4
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-07-01