Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2759

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.

Published

2022-08-31T16:15:11.450

Last Modified

2024-11-21T07:01:39.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	deltaww	delta_robot_automation_studio	< 1.13.20	Yes

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-03 Patch, Third Party Advisory, US Government Resource ([email protected])
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-03 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)