CVE-2022-27579 — HIGH (7.8)

Q: How severe is CVE-2022-27579?

CVE-2022-27579 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27579?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Flexi Soft Designer.

Vulnerability Description

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sick	Flexi Soft Designer	< 1.9.4

Related Weaknesses (CWE)

CWE-502

References

https://sick.com/psirtMitigationVendor Advisory
https://sick.com/psirtMitigationVendor Advisory

FAQ

What is CVE-2022-27579?

CVE-2022-27579 is a vulnerability with a CVSS score of 7.8 (HIGH). A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious proje...

How severe is CVE-2022-27579?

CVE-2022-27579 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27579?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Flexi Soft Designer.