CVE-2022-23130
📊 5.5 MEDIUM⚡ 0.1%🎯 0 exploits
📅 Published Jan 21, 2022
📋 Status: Modified
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.97 and prior and ICONICS Hyper Historian versions 10.97 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64 or MC Works64 and execute commands against the database from GENESIS64 or MC Works64.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
3 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | iconics | genesis64 | ≤ 10.97 | Vulnerable | cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:* |
📱App | iconics | hyper historian | ≤ 10.97 | Vulnerable | cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:* |
📱App | mitsubishielectric | mc works64 | ≥ 10.95.201.23 ∧ ≤ 10.95.210.01 | Vulnerable | cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:* |
Version: ≤ 10.97
CPE:
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≤ 10.97
CPE:
cpe:2.3:a:iconics:hyper_historian:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 10.95.201.23 ∧ ≤ 10.95.210.01
CPE:
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector:
LOCAL
Complexity:
LOW
Privileges:
NONE
User Interaction:
REQUIRED
Confidentiality:
NONE
Integrity:
NONE
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
5.5 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)27.7th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
Jan 21, 2022 (3 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses1
CWE-125
References4
NVDadvisorygeneral+1