Security Vulnerabilities - CVEs Published In March 2022
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.
CVSS Score
7.5
EPSS Score
0.064
Published
2022-03-23
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.
CVSS Score
9.8
EPSS Score
0.085
Published
2022-03-23
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.
CVSS Score
9.8
EPSS Score
0.085
Published
2022-03-23
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions as the Connected Components Workbench software. User interaction is required for this exploit to be successful.
CVSS Score
7.7
EPSS Score
0.001
Published
2022-03-23
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
CVSS Score
10.0
EPSS Score
0.001
Published
2022-03-23
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-03-23
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.
CVSS Score
10.0
EPSS Score
0.001
Published
2022-03-23
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.
CVSS Score
8.6
EPSS Score
0.002
Published
2022-03-23
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier.
CVSS Score
10.0
EPSS Score
0.0
Published
2022-03-23
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-03-23

