CVE-2022-50976

Summary

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.

Affected Software

VendorProductVersion RangeStatus
InnomicVibroLine Configurator 5.05.0.2416 <= 5.0.2486affected
InnomicVibroLine Configurator 5.05.1.2730unaffected
avibiaAvibiaLine Configurator 5.05.0.2416 <= 5.0.2486affected
avibiaAvibiaLine Configurator 5.05.1.2730unaffected
InnomicVibroLine Configurator 4.04.0.1931 <= 4.0.2406unaffected

Weaknesses

  • CWE-1288: CWE-1288: Improper Validation of Consistency within Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References