CVE-2022-43455

Description

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server.

Remediation

Solution:

Sewio has provided the following updates and recommends that users update to the latest version: * RTLS Studio: Update to version 3.0.0 or later https://portal.sewio.net/login (requires login)

Workaround:

Sewio also recommends the following workarounds to reduce the risk of exploitation: * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 . * Locate control system networks and remote devices behind firewalls and isolate them from business networks.

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-43455?: CVE-2022-43455 has been scored as a medium severity vulnerability.
How to fix CVE-2022-43455?: To fix CVE-2022-43455: Sewio has provided the following updates and recommends that users update to the latest version: * RTLS Studio: Update to version 3.0.0 or later https://portal.sewio.net/login (requires login)
Is CVE-2022-43455 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-43455 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-43455?: CVE-2022-43455 affects Sewio RTLS Studio.

Description

Remediation

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions