CVE-2022-2759
Last modified
CVE-2022-2759 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.. EPSS estimates a 1.00% chance of exploitation in the next 30 days.
Description
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Deltaww | Delta Robot Automation Studio | < 1.13.20 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-03Patch, Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-03Patch, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2759?
How severe is CVE-2022-2759?
How do I fix CVE-2022-2759?
Are you affected by CVE-2022-2759?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST