Access of Uninitialized Pointer
CVE-2022-2952
Summary
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-824 - Access of Uninitialized Pointer
The program accesses or uses a pointer that has not been initialized.
References
Advisory Timeline
- Published