CVE-2022-28944 — HIGH (8.8)

Vulnerability Description

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emcosoftware	Msi Package Builder	9.1.4
Emcosoftware	Network Inventory	5.8.22
Emcosoftware	Network Software Scanner	2.0.8
Emcosoftware	Ping Monitor	8.0.18
Emcosoftware	Remote Installer	6.0.13
Emcosoftware	Remote Shutdown	7.2.2
Emcosoftware	Unlock It	6.1.1
Microsoft	Windows	-
Emcosoftware	Wakeonlan	2.0.8

Related Weaknesses (CWE)

CWE-494

References

http://emco.comNot Applicable
http://msi.comNot Applicable
https://github.com/gerr-re/cve-2022-28944/blob/main/cve-2022-28944_public-advisoExploitThird Party Advisory
http://emco.comNot Applicable
http://msi.comNot Applicable
https://github.com/gerr-re/cve-2022-28944/blob/main/cve-2022-28944_public-advisoExploitThird Party Advisory

FAQ

What is CVE-2022-28944?

CVE-2022-28944 is a vulnerability with a CVSS score of 8.8 (HIGH). Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping M...

How severe is CVE-2022-28944?

CVE-2022-28944 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28944?

Check the references section above for vendor advisories and patch information. Affected products include: Emcosoftware Msi Package Builder, Emcosoftware Network Inventory, Emcosoftware Network Software Scanner, Emcosoftware Ping Monitor, Emcosoftware Remote Installer.