← Back

CVE-2022-26507

nvd nist
Published: Apr 14, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Affected (5)

Att
1 product
Xmill
Schneider Electric
3 products
Ecostruxure Control Expert
Ecostruxure Process Expert
Remoteconnect
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Xmill
Version 0.7
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Ecostruxure Control Expert
Before 15.1
Ecostruxure Control Expert
Version 15.1
Ecostruxure Process Expert
Before 2021
Configuration C
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Remoteconnect
All versions
Running on/withPlatform Versions
Schneider Electric
Scadapack 470
All versions
Schneider Electric
Scadapack 474
All versions
Schneider Electric
Scadapack 570
All versions
Schneider Electric
Scadapack 574
All versions
Schneider Electric
Scadapack 575
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: cve@mitre.org
Not ApplicableThird Party Advisory
Source: cve@mitre.org
MitigationRelease NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not ApplicableThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationRelease NotesThird Party Advisory

Timeline

No history available yet.