How severe is CVE-2022-3864?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.5 out of 10.

What type of vulnerability is CVE-2022-3864?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2022-3864

MEDIUM Year: 2022

CVSS v3 Score

4.5

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

CVE-2024-23960

MEDIUM

CVSS:4.6(Medium)

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations o...

CWE-3472024

CVE-2019-10136

MEDIUM

CVSS:4.3(Medium)

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around,...

CWE-3472019

CVE-2020-36843

MEDIUM

CVSS:4.3(Medium)

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Atta...

CWE-3472020

CVE-2021-23992

MEDIUM

CVSS:4.3(Medium)

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID...

CWE-3472021

CVE-2021-3521

MEDIUM

CVSS:4.7(Medium)

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing th...

CWE-3472021

CVE-2021-43074

MEDIUM

CVSS:4.3(Medium)

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and belo...

CWE-3472021

CVE-2022-3864

Vulnerability Description

Related Vulnerabilities

CVE-2024-23960

CVE-2019-10136

CVE-2020-36843

CVE-2021-23992

CVE-2021-3521

CVE-2021-43074