CVE-2022-4304

Vulnerability Profile Updated 3 months ago

Download STIX

Preview STIX

CVE-2022-4304 is a vulnerability that was identified in several software packages and units, notably the OPC UA Server Unit (all versions), MX OPC Server UA (versions 3.05F and later), and FX5-OPC (versions 1.006 and prior). This flaw, which lies in the design or implementation of these software systems, exposes them to potential security risks. The MX OPC Server UA software is packaged with MC Works64, and the affected versions are those that come with MC Works64 Version 4.03D and later. The vulnerability also extends to the FX5-OPC software, specifically versions 1.006 and earlier. In addition to CVE-2022-4304, these versions of FX5-OPC are also subject to another vulnerability, CVE-2022-4450. The presence of these vulnerabilities suggests that the software could be exploited, potentially leading to unauthorized access or control, data breaches, or other security incidents. In summary, the discovery of CVE-2022-4304 has significant implications for users of the affected software packages and units. All versions of the OPC UA Server Unit, certain versions of MX OPC Server UA (packaged with MC Works64), and earlier versions of FX5-OPC are all at risk. Users of these software packages should take immediate action to mitigate the potential threats associated with this vulnerability, such as updating to a secure version of the software if available, applying patches, or implementing other recommended security measures.

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Rsa

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
ZLib	Unspecified	1	Zlib is a known malware, a harmful program designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can cause significant damage, including stealing personal information, disrupting opera

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2022-4450	Unspecified	1	None

Source Document References

Information about the CVE-2022-4304 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CISA	4 days ago	Hitachi Energy AFS/AFR Series Products \| CISA
CISA	a month ago	Siemens SIMATIC and SIPLUS \| CISA
CISA	3 months ago	Siemens Telecontrol Server Basic \| CISA
CERT-EU	7 months ago	Mitsubishi Electric Factory Automation Products \| CISA
CERT-EU	7 months ago	Mitsubishi Electric Factory Automation Products
CERT-EU	9 months ago	Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
CERT-EU	9 months ago	Multiple vulnerabilities in IBM Observability with Instana (Self-hosted on Docker)
CERT-EU	10 months ago	Marvin Attack: 25-year-old RSA Decryption Vulnerability Disclosed
CISA	10 months ago	Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch \| CISA
CERT-EU	10 months ago	Multiple vulnerabilities in IBM Spectrum Conductor
CERT-EU	10 months ago	Multiple vulnerabilities in IBM Rational ClearQuest
CERT-EU	10 months ago	New Marvin attack revives 25-year-old decryption flaw in RSA
CISA	10 months ago	Hitachi Energy Lumada APM Edge \| CISA
CERT-EU	10 months ago	RedHat: RHSA-2023-5103:01 Moderate: OpenShift Virtualization 4.11.6...
CERT-EU	a year ago	With UEFI, TPM, Pluton Etc. Microsoft and Intel/AMD Trashed an Entire Generation of Computers, Made Security a Lot Worse in Order to Curtail GNU/Linux and BSD Adoption
CERT-EU	a year ago	Multiple vulnerabilities in Dell Cloud Tiering Appliance
CERT-EU	a year ago	Dell PowerEdge T40 Mini Tower Server update for OpenSSL
CERT-EU	a year ago	Multiple vulnerabilities in Dell Precision Rack
CISA	a year ago	ICONICS and Mitsubishi Electric Products \| CISA
CERT-EU	a year ago	Multiple vulnerabilities in Dell ECS