CVE-2022-2952

Summary

GE CIMPICITY versions 2022 and prior is

vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
GECIMPLICITY0 <= v2022affected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References