CVE-2022-32530 - OpenCVE

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Geo Scada Mobile

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:geo_scada_mobile::::::android::*
	cpe:2.3:a:schneider-electric:geo_scada_mobile:2020:-::::android::*
	cpe:2.3:a:schneider-electric:geo_scada_mobile:2020:build_222::::android::*

References

Link	Resource
https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-06-24T13:00:17

Updated: 2022-06-24T13:00:17

Reserved: 2022-06-07T00:00:00

Link: CVE-2022-32530

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-24T13:15:07.287

Modified: 2022-07-06T17:11:39.337

Link: CVE-2022-32530

JSON object: View

Redhat Information

No data.

CWE

CWE-668

{"containers": {"cna": {"affected": [{"product": "Geo SCADA Mobile", "vendor": "Schneider Electric", "versions": [{"lessThanOrEqual": "222", "status": "affected", "version": "Build", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T13:00:17", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2022-32530", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Geo SCADA Mobile", "version": {"version_data": [{"version_affected": "<=", "version_name": "Build", "version_value": "222"}]}}]}, "vendor_name": "Schneider Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668 Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf", "refsource": "MISC", "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2022-32530", "datePublished": "2022-06-24T13:00:17", "dateReserved": "2022-06-07T00:00:00", "dateUpdated": "2022-06-24T13:00:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:geo_scada_mobile:*:*:*:*:*:android:*:*", "matchCriteriaId": "FAF12EB4-7FC7-4F3C-896B-7C4D997A5E07", "versionEndExcluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:geo_scada_mobile:2020:-:*:*:*:android:*:*", "matchCriteriaId": "94B3C2B6-EF85-4813-AD08-34B63BFEA46E", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:geo_scada_mobile:2020:build_222:*:*:*:android:*:*", "matchCriteriaId": "8D1B5192-7F9C-4F0D-BBCD-09CFCF4863CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)"}, {"lang": "es", "value": "Una CWE-668: Se presenta una vulnerabilidad de Exposici\u00f3n de Recursos a Esferas Equivocadas que podr\u00eda causar que usuarios sean enga\u00f1ados, ocultando alarmas, mostrando la opci\u00f3n de conexi\u00f3n al servidor equivocada o la petici\u00f3n de control equivocada cuando un dispositivo m\u00f3vil ha sido comprometido por una aplicaci\u00f3n maliciosa. Producto afectado: Geo SCADA Mobile (Build 222 y anteriores)"}], "id": "CVE-2022-32530", "lastModified": "2022-07-06T17:11:39.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.4, "source": "cybersecurity@se.com", "type": "Secondary"}]}, "published": "2022-06-24T13:15:07.287", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "cybersecurity@se.com", "type": "Primary"}]}