How severe is CVE-2022-35873?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-35873?

This is classified as CWE-356, which is a common weakness in software security.

CVE-2022-35873 - HIGH Severity | CVSS 7.8

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.

Related Vulnerabilities

CVE-2022-36970

HIGH

CVSS:7.8(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit thi...

CWE-3562022

CVE-2025-2450

HIGH

CVSS:7.8(High)

NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Visi...

CWE-3562025

CVE-2019-13322

HIGH

CVSS:7.5(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that t...

CWE-3562019

CVE-2025-31334

MEDIUM

CVSS:6.8(Medium)

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link...

CWE-3562025

CVE-2019-6736

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that t...

CWE-3562019

CVE-2019-6737

HIGH

CVSS:8.8(High)

CWE-3562019