CVE-2022-25359

EUVD-2022-30030
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
iclinksscadaflex_ii_firmware
1.01.01
iclinksscadaflex_ii_firmware
1.01.14
iclinksscadaflex_ii_firmware
1.02.01
iclinksscadaflex_ii_firmware
1.02.15
iclinksscadaflex_ii_firmware
1.02.20
iclinksscadaflex_ii_firmware
1.03.07
iclinksweblib
1.13
iclinksweblib
1.14
iclinksweblib
1.16
iclinksweblib
1.22
iclinksweblib
1.24
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://files.iclinks.com/datasheets/Scadaflex%20II/Scadaflex%20SC-1%20&%20SC-2_A1_compressed.pdf
https://packetstormsecurity.com/files/166103/ICL-ScadaFlex-II-SCADA-Controllers-SC-1-SC-2-1.03.07-Remote-File-Modification.html
http://files.iclinks.com/datasheets/Scadaflex%20II/Scadaflex%20SC-1%20&%20SC-2_A1_compressed.pdf
https://packetstormsecurity.com/files/166103/ICL-ScadaFlex-II-SCADA-Controllers-SC-1-SC-2-1.03.07-Remote-File-Modification.html