CVE-2022-2102
Last modified
CVE-2022-2102 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Secheron | Sepcos Control And Protection Relay Firmware | >= 1.23.0, < 1.23.21 |
| Secheron | Sepcos Control And Protection Relay Firmware | >= 1.24.0, < 1.24.8 |
| Secheron | Sepcos Control And Protection Relay Firmware | >= 1.25.0, < 1.25.3 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03Mitigation, Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2102?
How severe is CVE-2022-2102?
How do I fix CVE-2022-2102?
Are you affected by CVE-2022-2102?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST