Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-37953
PUBLISHED
More InfoOfficial Page
Assigner-GE GP
Assigner Org ID-2cf0fb33-79e2-44e0-beb8-826cc5ce3250
View Known Exploited Vulnerability (KEV) details
Published At-25 Aug, 2022 | 17:26
Updated At-16 Sep, 2024 | 18:09
Rejected At-
▼CVE Numbering Authority (CNA)
WorkstationST - Response Splitting in AM Gateway Challenge-Response

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

Affected Products
Vendor
GE Gas Power
Product
WorkstationST
Versions
Affected
  • From unspecified before 07.09.15 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-113CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Type: CWE
CWE ID: CWE-113
Description: CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade to Workstation >= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher.

Configurations
Workarounds

Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks.

Exploits
Credits
GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf
x_refsource_CONFIRM
Hyperlink: https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Details not found