CVE-2022-21933 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
twcert	CNA	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Vendor	Product	Version
asus	vc65-c1_firmware	𝑥 < 1302
asus	pb60v_firmware	𝑥 < 1302
asus	pb60g_firmware	𝑥 < 1302
asus	pb60s_firmware	𝑥 < 1302
asus	pa90_firmware	𝑥 < 1401
asus	pb50_firmware	𝑥 < 902
asus	pb60_firmware	𝑥 < 1502
asus	pb61v_firmware	𝑥 < 601
asus	ts10_firmware	𝑥 < 609
asus	pn40_firmware	𝑥 < 2201
asus	pn60_firmware	𝑥 < 808
asus	pn30_firmware	𝑥 < 320
asus	un65u_firmware	𝑥 < 618

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html

https://www.twcert.org.tw/tw/cp-132-5547-34bc4-1.html