Buffer overflow in Sewio Real-time_location_system_studio
CVE-2022-41989
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulti…
Vulnerability class: Buffer Overflow
EPSS: 0.008 (50.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Sewio Real-time_location_system_studio
- Sewio Rtls Studio — versions 2.0.0
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory)
Frequently asked questions
- What is CVE-2022-41989?
- CVE-2022-41989 is a critical-severity vulnerability in Sewio Real-time_location_system_studio, classified under Out-of-bounds Write. CVSS score: 9.0/10. Published 2023-01-18.
- How severe is CVE-2022-41989?
- Critical severity. CVSS v3 base score is 9.0 out of 10.