A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01 | Mitigation Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-09-01T00:00:00
Updated: 2022-09-13T14:54:35
Reserved: 2022-08-29T00:00:00
Link: CVE-2022-36385
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-13T15:15:08.480
Modified: 2022-09-15T17:27:18.930
Link: CVE-2022-36385
JSON object: View
Redhat Information
No data.