CVE-2022-45127

Description

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition.

Remediation

Solution:

Sewio has provided the following updates and recommends that users update to the latest version: * RTLS Studio: Update to version 3.0.0 or later https://portal.sewio.net/login (requires login)

Workaround:

Sewio also recommends the following workarounds to reduce the risk of exploitation: * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 . * Locate control system networks and remote devices behind firewalls and isolate them from business networks.

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-01	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-45127?: CVE-2022-45127 has been scored as a high severity vulnerability.
How to fix CVE-2022-45127?: To fix CVE-2022-45127: Sewio has provided the following updates and recommends that users update to the latest version: * RTLS Studio: Update to version 3.0.0 or later https://portal.sewio.net/login (requires login)
Is CVE-2022-45127 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-45127 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-45127?: CVE-2022-45127 affects Sewio RTLS Studio.

Description

Remediation

Category

CWE-352 – Cross-Site Request Forgery (CSRF)

References

Frequently Asked Questions