Vulnerability Description
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binary in the execution path of a configured external application, causing it to be executed instead of the intended application. This can result in execution with elevated privileges depending on the context of the external application.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://assets.belden.com/m/62ae167036cb17c3/original/Microsoft-Word-Belden_Secu
- https://www.vulncheck.com/advisories/hirschmann-industrial-hivision-external-app
FAQ
What is CVE-2022-4987?
CVE-2022-4987 is a vulnerability with a CVSS score of 7.3 (HIGH). Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute a...
How severe is CVE-2022-4987?
CVE-2022-4987 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4987?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.