CVE-2022-3090 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2022-3090?

CVE-2022-3090 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3090?

Check the references section above for vendor advisories and patch information. Affected products include: Redlion Crimson.

Vulnerability Description

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redlion	Crimson	< 3.0

Related Weaknesses (CWE)

CWE-22

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01Third Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-3090?

CVE-2022-3090 is a vulnerability with a CVSS score of 7.5 (HIGH). Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to op...

How severe is CVE-2022-3090?

CVE-2022-3090 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3090?

Check the references section above for vendor advisories and patch information. Affected products include: Redlion Crimson.