Untrusted Pointer Dereference
CVE-2022-2002
Summary
GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-822 - Untrusted Pointer Dereference
The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
References
Advisory Timeline
- Published