CVE-2022-32222 in nodejs and Siemens Products

CVE-2022-32222 in nodejs and Siemens Products
Published on July 14, 2022

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

Weakness Type

Cryptographic Issues

Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Products Associated with CVE-2022-32222

stack.watch emails you whenever new vulnerabilities are published in nodejs node.js or Siemens Sinec Ins. Just hit a watch button to start following.

Affected Versions

Version 4.0 and below 4.* is affected.

Version 5.0 and below 5.* is affected.

Version 6.0 and below 6.* is affected.

Version 7.0 and below 7.* is affected.

Version 8.0 and below 8.* is affected.

Version 9.0 and below 9.* is affected.

Version 10.0 and below 10.* is affected.

Version 11.0 and below 11.* is affected.

Version 12.0 and below 12.* is affected.

Version 13.0 and below 13.* is affected.

Version 14.0 and below 14.20.0 is affected.

Version 15.0 and below 15.* is affected.

Version 16.0 and below 16.20.0 is affected.

Version 17.0 and below 17.* is affected.

Version 18.0 and below 18.9.1 is affected.

Exploit Probability

EPSS

0.62%

Percentile

69.71%