CVE-2022-47917

Summary

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
SewioRTLS Studio2.0.0 <= 2.6.2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Sewio also recommends the following workarounds to reduce the risk of exploitation:

  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 .

    • Locate control system networks and remote devices behind firewalls and isolate them from business networks.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References