Search criteria
2 vulnerabilities found for HOPCS by HIMA
CVE-2022-4258 (GCVE-0-2022-4258)
Vulnerability from nvd – Published: 2023-01-16 09:52 – Updated: 2025-04-03 13:40
VLAI?
Title
Hima: Unquoted path vulnerabilities in HIMA PC based Software
Summary
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
Severity ?
7.8 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
Credits
This vulnerability has been found by a HIMA customer.
Case handled by PSIRT@hima.com in cooperation with CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T13:39:59.396159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T13:40:22.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HOPCS",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "3.56.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OPC DA",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "5.6.1210",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OPC A+E ",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "5.6.1210",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OTS",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "1.32.550",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability has been found by a HIMA customer."
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Case handled by PSIRT@hima.com in cooperation with CERT@VDE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u0026nbsp;might allow local users to gain privileges via a malicious .exe file and gain full access to the system."
}
],
"value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u00a0might allow local users to gain privileges via a malicious .exe file and gain full access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-16T09:52:09.647Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"
}
],
"source": {
"advisory": "VDE-2022-059",
"defect": [
"CERT@VDE#64320"
],
"discovery": "EXTERNAL"
},
"title": "Hima: Unquoted path vulnerabilities in HIMA PC based Software",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4258",
"datePublished": "2023-01-16T09:52:09.647Z",
"dateReserved": "2022-12-01T14:43:52.479Z",
"dateUpdated": "2025-04-03T13:40:22.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4258 (GCVE-0-2022-4258)
Vulnerability from cvelistv5 – Published: 2023-01-16 09:52 – Updated: 2025-04-03 13:40
VLAI?
Title
Hima: Unquoted path vulnerabilities in HIMA PC based Software
Summary
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system.
Severity ?
7.8 (High)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
Credits
This vulnerability has been found by a HIMA customer.
Case handled by PSIRT@hima.com in cooperation with CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T13:39:59.396159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T13:40:22.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HOPCS",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "3.56.4",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OPC DA",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "5.6.1210",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OPC A+E ",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "5.6.1210",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X-OTS",
"vendor": "HIMA",
"versions": [
{
"lessThanOrEqual": "1.32.550",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability has been found by a HIMA customer."
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Case handled by PSIRT@hima.com in cooperation with CERT@VDE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u0026nbsp;might allow local users to gain privileges via a malicious .exe file and gain full access to the system."
}
],
"value": "In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability\u00a0might allow local users to gain privileges via a malicious .exe file and gain full access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-16T09:52:09.647Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-059/"
}
],
"source": {
"advisory": "VDE-2022-059",
"defect": [
"CERT@VDE#64320"
],
"discovery": "EXTERNAL"
},
"title": "Hima: Unquoted path vulnerabilities in HIMA PC based Software",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-4258",
"datePublished": "2023-01-16T09:52:09.647Z",
"dateReserved": "2022-12-01T14:43:52.479Z",
"dateUpdated": "2025-04-03T13:40:22.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}