Arbitrary Code Execution Vulnerability in GE CIMPICITY Versions 2022 and Prior

Arbitrary Code Execution Vulnerability in GE CIMPICITY Versions 2022 and Prior

CVE-2022-2002 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.