CVE-2022-2068
Published: 21 June 2022
Summary
CVE-2022-2068 is a high-severity OS Command Injection (CWE-78) vulnerability in Siemens Sinec Ins. Its CVSS base score is 7.3 (High).
Operationally, it is ranked in the top 4.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is a command injection flaw (CWE-78) in the c_rehash shell script distributed with OpenSSL. It stems from incomplete sanitization of shell metacharacters in certificate file names passed to executed commands, an issue that remained after the partial fix for the related CVE-2022-1292. Affected versions include OpenSSL 3.0.0 through 3.0.3, 1.1.1 through 1.1.1o, and 1.0.2 through 1.0.2ze; the script is shipped by some operating systems in a way that triggers automatic execution.
A local attacker who can supply or influence certificate files processed by c_rehash can inject and execute arbitrary commands under the privileges of the script. This occurs without requiring elevated privileges beyond local access and user interaction to trigger the script, potentially leading to full control over the affected system components.
Advisories and patches recommend replacing use of the obsolete c_rehash script with the OpenSSL rehash command-line tool. Fixes are available in OpenSSL 3.0.4, 1.1.1p, and 1.0.2zf, with additional vendor guidance such as the Siemens SSA-332410 advisory and distribution-specific notices like the Fedora package announcement.
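A triage sketch for the ranges above, added here as an example and not taken from OpenSSL or any vendor advisory: it decides whether an OpenSSL version string falls in an affected range listed on this page, and flags certificate file names that deserve review before any rehash tooling touches them. The function names and the file-name allowlist are assumptions made for this example.

```python
import re

# Ranges as stated on this page: (first affected, first fixed release).
AFFECTED = [("3.0.0", "3.0.4"), ("1.1.1", "1.1.1p"), ("1.0.2", "1.0.2zf")]

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")
# Assumption: a conservative allowlist; any other character is flagged.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")


def parse_version(text):
    """Return a sortable key for an OpenSSL version such as '1.0.2ze'."""
    m = _VER.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, patch, letters = m.groups()
    # Letter suffixes order as '' < a..z < za..zz, so compare length first.
    return (int(major), int(minor), int(patch), len(letters), letters)


def is_affected(version):
    """True if the upstream version lies in a range listed above.

    Distribution packages may backport the fix without changing the
    upstream version string, so confirm against the vendor notice.
    """
    key = parse_version(version)
    return any(parse_version(lo) <= key < parse_version(hi)
               for lo, hi in AFFECTED)


def names_needing_review(filenames):
    """Return file names containing characters outside the allowlist."""
    return [n for n in filenames if not _SAFE_NAME.fullmatch(n)]


if __name__ == "__main__":
    # Constructed sample input, not observed data.
    for v in ("1.1.1o", "1.1.1p", "1.0.2ze", "3.0.4"):
        print(v, "affected" if is_affected(v) else "not in listed ranges")
    print(names_needing_review(["ca-bundle.pem", "odd;name.pem"]))
```
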
The EPSS score reached a peak of 0.2354 with a current value of 0.2022.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34360
Vulnerability details
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.