CVE-2022-38453

Published: Sep 13, 2022Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.8 / Impact: 2.5

Source: NVD

Description

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.

Affected (1)

Products: Contechealth: Cms8000 Firmware

1 product

Cms8000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Contechealth Cms8000 Firmware	All versions

Running on/with	Platform Versions
Contechealth Cms8000	All versions

Related CWEs

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsma-22-244-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.