CVE-2022-1667 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
icscert	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
secheron	sepcos_control_and_protection_relay_firmware	1.23.0 ≤ 𝑥 < 1.23.21
secheron	sepcos_control_and_protection_relay_firmware	1.24.0 ≤ 𝑥 < 1.24.8
secheron	sepcos_control_and_protection_relay_firmware	1.25.0 ≤ 𝑥 < 1.25.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-841 - Improper Enforcement of Behavioral Workflow
The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03