How severe is CVE-2022-2848?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2022-2848?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2022-2848 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.

Related Vulnerabilities

CVE-2020-27263

CRITICAL

CVSS:9.1(Critical)

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital ...

CWE-1222020

CVE-2023-5841

CRITICAL

CVSS:9.1(Critical)

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susce...

CWE-1222023

CVE-2023-5908

CRITICAL

CVSS:9.1(Critical)

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.

CWE-1222023

CVE-2024-38160

CRITICAL

CVSS:9.1(Critical)

Windows Network Virtualization Remote Code Execution Vulnerability

CWE-1222024

CVE-2025-30216

CRITICAL

CVSS:9.1(Critical)

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst...

CWE-1222025

CVE-2021-21962

CRITICAL

CVSS:9.0(Critical)

A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to ...

CWE-1222021