Cyber Resilience

CVE-2022-50975

Severity: High
Published: 02 February 2026
Modified: 15 April 2026
KEV Added: (not listed)
Patch: see vendor advisories under Deeper analysis
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0023 (13.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50975 is a high-severity Origin Validation Error (CWE-346) vulnerability in a product from Innomic (vendor inferred from the references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Service Session Hijacking (T1563). The CVE is ranked at the 13.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2022-50975 is a vulnerability that enables an unauthenticated remote attacker to leverage an existing session ID from a logged-in user to obtain full access to the affected device, provided configuration via Ethernet is enabled. The issue is associated with products from Innomic, as outlined in their security advisories, and is classified under CWE-346 (Origin Validation Error). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, no privileges required, and user interaction needed.

An unauthenticated remote attacker can exploit this vulnerability by acquiring a valid session ID belonging to a legitimate user, potentially through social engineering or other means that involve user interaction. Successful exploitation grants the attacker complete control over the device, resulting in high impacts on confidentiality, integrity, and availability.

Innomic has published advisories detailing the issue, available at https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html and https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json, which security practitioners should consult for specific mitigation guidance and patches. The CVE was published on 2026-02-02T15:16:27.933.


Vulnerability details

An unauthenticated remote attacker is able to use an existing session ID of a logged-in user and gain full access to the device if configuration via Ethernet is enabled.

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1563 Remote Service Session Hijacking (Lateral Movement): Adversaries may take control of preexisting sessions with remote services to move laterally in an environment.
- T1550.004 Web Session Cookie (Lateral Movement): Adversaries can use stolen session cookies to authenticate to web applications and services.

Why these techniques?

The vulnerability enables session ID hijacking for unauthorized remote access (an origin validation flaw), which directly maps to remote service session hijacking and to the use of web session tokens as alternate authentication material.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-26861 (shared CWE-346)
- CVE-2026-34927 (shared CWE-346)
- CVE-2022-50925 (shared CWE-346)
- CVE-2025-71217 (shared CWE-346)
- CVE-2026-34929 (shared CWE-346)
- CVE-2026-6508 (shared CWE-346)
- CVE-2026-34930 (shared CWE-346)
- CVE-2025-1102 (shared CWE-346)
- CVE-2025-21511 (shared CWE-346)
- CVE-2026-9989 (shared CWE-346)

Affected Assets

Innomic (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

- SC-23 Session Authenticity (prevent): Protects the authenticity of communications sessions, directly preventing unauthenticated attackers from hijacking and reusing stolen session IDs.
- AC-17 Remote Access (prevent): Authorizes, monitors, and controls remote access, including Ethernet configuration interfaces, blocking unauthenticated remote exploitation.
- Session termination control (prevent): Enforces timely session termination after defined events, reducing the window in which an attacker can reuse an existing session ID.

References