CVE-2022-41989 (GCVE-0-2022-41989)

Vulnerability from cvelistv5 – Published: 2023-01-18 00:30 – Updated: 2025-01-16 22:00
VLAI?
Title
CVE-2022-41989
Summary
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.
Severity ?
9 (Critical)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Sewio RTLS Studio Affected: 2.0.0 , ≤ 2.6.2 (custom)
Create a notification for this product.
Credits
Andrea Palanca of Nozomi Networks
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.105Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:32:21.891422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T22:00:32.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RTLS Studio",
          "vendor": "Sewio",
          "versions": [
            {
              "lessThanOrEqual": "2.6.2",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Andrea Palanca of Nozomi Networks"
        }
      ],
      "datePublic": "2023-01-12T20:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.\u003c/p\u003e"
            }
          ],
          "value": "Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-18T00:30:13.790Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CVE-2022-41989",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003eSewio also recommends the following workarounds to reduce the risk of exploitation: \u003c/p\u003e\n\n\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\"\u003enot accessible from the internet\u003c/a\u003e. \u003c/li\u003e\n\t\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks. \u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Sewio also recommends the following workarounds to reduce the risk of exploitation: \n\n\n\n  *  Minimize network exposure for all control system devices and/or systems, and ensure they are  not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 . \n\n\t  *  Locate control system networks and remote devices behind firewalls and isolate them from business networks. \n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "VINCE 2.0.5",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-41989"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-41989",
    "datePublished": "2023-01-18T00:30:13.790Z",
    "dateReserved": "2022-12-21T18:52:32.337Z",
    "dateUpdated": "2025-01-16T22:00:32.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41989\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-01-18T01:15:11.960\",\"lastModified\":\"2024-11-21T07:24:13.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Real-Time Location System (RTLS) Studio de Sewio, versi\u00f3n 2.0.0 hasta la versi\u00f3n 2.6.2 incluida, no valida la longitud de los payloads del informe RTLS durante la comunicaci\u00f3n. Esto permite a un atacante enviar un payload excesivamente larga, lo que da como resultado una escritura fuera de los l\u00edmites que provoca una condici\u00f3n de denegaci\u00f3n de servicio o la ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sewio:real-time_location_system_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0.\",\"versionEndIncluding\":\"2.6.2\",\"matchCriteriaId\":\"1971DCDC-FA83-4823-B385-6409E5D6CA94\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:56:39.105Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41989\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-16T20:32:21.891422Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-16T20:32:23.606Z\"}}], \"cna\": {\"title\": \"CVE-2022-41989\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Andrea Palanca of Nozomi Networks\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Sewio\", \"product\": \"RTLS Studio\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.6.2\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-01-12T20:46:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Sewio also recommends the following workarounds to reduce the risk of exploitation: \\n\\n\\n\\n  *  Minimize network exposure for all control system devices and/or systems, and ensure they are  not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 . \\n\\n\\t  *  Locate control system networks and remote devices behind firewalls and isolate them from business networks. \\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\u003cp\u003eSewio also recommends the following workarounds to reduce the risk of exploitation: \u003c/p\u003e\\n\\n\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\\\"\u003enot accessible from the internet\u003c/a\u003e. \u003c/li\u003e\\n\\t\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks. \u003c/li\u003e\u003c/ul\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 2.0.5\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2022-41989\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sewio\\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSewio\\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service condition or code execution.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-01-18T00:30:13.790Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41989\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-16T22:00:32.860Z\", \"dateReserved\": \"2022-12-21T18:52:32.337Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2023-01-18T00:30:13.790Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.