Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-27579

EPSS 0.18% · P40
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-27579

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
SICK Flexi Soft Designer 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SICK Flexi Soft Designer是德国西克(SICK)公司的一款配置工具。 SICK Flexi Soft Designer 1.9.4 SP1及以下版本存在安全漏洞,该漏洞源于使用的.NET框架类存在反序列化漏洞且未进行正确检查,这使得攻击者可以制作恶意项目文件打开/导入这样一个恶意的项目文件,当Flexi Soft Designer打开或导入时,将以当前用户的权限执行任意代码。这损害了保密性、完整性和可用性。为了攻击成功,用户必须手动打开一个恶意的项目文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-SICK Flexi Soft Designer All versions up to and including 1.9.4 SP1 -

II. Public POCs for CVE-2022-27579

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-27579

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-07-19 · 29 CVEs total

CVE-2022-342665.5 MEDIUMSilicon Graphics LibTIFF 安全漏洞
CVE-2022-36305Vesta Control Panel 跨站脚本漏洞
CVE-2022-2476WavPack 代码问题漏洞
CVE-2022-1921GStreamer 输入验证错误漏洞
CVE-2021-32504SICK FTMg 安全漏洞
CVE-2022-35405ZOHO ManageEngine Password Manager Pro 代码问题漏洞
CVE-2022-27580Safety 代码问题漏洞
CVE-2022-35912Grails 代码注入漏洞
CVE-2022-34001Unit4 ERP 代码问题漏洞
CVE-2022-34023Barangay Management System SQL注入漏洞
CVE-2022-34024Barangay Management System 代码问题漏洞
CVE-2022-27373phicomm Feixun fir302b A2 操作系统命令注入漏洞
CVE-2022-34025Vesta Control Panel 跨站脚本漏洞
CVE-2022-36304Vesta Control Panel 跨站脚本漏洞
CVE-2022-36303Vesta Control Panel 跨站脚本漏洞
CVE-2022-34535Digital Watchdog DW MEGApix IP 授权问题漏洞
CVE-2022-34534Digital Watchdog DW MEGApix IP 信息泄露漏洞
CVE-2022-34536Digital Watchdog DW MEGApix IP 授权问题漏洞
CVE-2022-34537Digital Watchdog DW MEGApix IP 跨站脚本漏洞
CVE-2022-34538Digital Watchdog DW MEGApix IP 操作系统命令注入漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-502

V. Comments for CVE-2022-27579

No comments yet

Leave a comment