First published: Tue Jul 19 2022
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening or importing such a malicious project file in Flexi Soft Designer would execute arbitrary code with the privileges of the current user. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project file.
Credit: psirt@sick.de
Affected Software | Affected Version | How to fix |
---|---|---|
Sick Flexi Soft Designer | <1.9.4 | |
Sick Flexi Soft Designer | =1.9.4 | |
Sick Flexi Soft Designer | =1.9.4-sp1 | |
The vulnerability ID is CVE-2022-27579.
The affected software is Sick Flexi Soft Designer up to and including version 1.9.4 SP1.
The severity of CVE-2022-27579 is high with a severity value of 7.8.
CVE-2022-27579 occurs due to a deserialization vulnerability in a .NET framework class used by Flexi Soft Designer.
To fix this vulnerability, it is recommended to update Sick Flexi Soft Designer to a version that is not affected.