CVE-2022-30268

Description

The affected products use the Winloader utility to manage firmware updates by serial port or a serial-over-Ethernet link that were found to not use authentication. This could allow an attacker to push malicious firmware images to the controller and cause a denial-of-service condition or allow remote code execution. This vulnerability only effects version of the CPE302, 205, and 310 that were produced before the "-Bxxx" hardware revisions.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01

Details

Source: Mitre, NVD