CVE-2022-2002

Summary

GE CIMPICITY versions 2022 and prior is

vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
GECIMPLICITY0 <= v2022affected

Weaknesses

  • CWE-822: CWE-822 Untrusted Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References