CVE-2022-2952 | HackTesting

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

Credits

Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04