CVE-2022-27580 — HIGH (7.8)

Q: How severe is CVE-2022-27580?

CVE-2022-27580 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-27580?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Safety Designer.

Vulnerability Description

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sick	Safety Designer	<= 1.11.0

Related Weaknesses (CWE)

CWE-502

References

https://sick.com/psirtMitigationVendor Advisory
https://sick.com/psirtMitigationVendor Advisory

FAQ

What is CVE-2022-27580?

CVE-2022-27580 is a vulnerability with a CVSS score of 7.8 (HIGH). A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. ...

How severe is CVE-2022-27580?

CVE-2022-27580 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27580?

Check the references section above for vendor advisories and patch information. Affected products include: Sick Safety Designer.