Skip to main content

Incorrect Type Conversion or Cast

CVE-2022-41668

Severity High
Score 7.8/10

Summary

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

References

Advisory Timeline

  • Published