Cyber Posture

CVE-2022-50975

High

Published: 02 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-50975 is a high-severity Origin Validation Error (CWE-346) vulnerability affecting Innomic products (vendor inferred from references). Its CVSS base score is 8.8 (High).

Operationally, it is ranked at the 6.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Protects the authenticity of communications sessions, directly preventing unauthenticated attackers from hijacking and reusing stolen session IDs.

prevent

Authorizes, monitors, and controls remote access including Ethernet configuration interfaces, blocking unauthenticated remote exploitation.

prevent

Enforces timely session termination after defined events, reducing the opportunity for attackers to exploit existing session IDs.

NVD Description

An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.

Deeper analysis

CVE-2022-50975 is a vulnerability that enables an unauthenticated remote attacker to leverage an existing session ID from a logged-in user to obtain full access to the affected device, provided configuration via Ethernet is enabled. The issue is associated with products from Innomic, as outlined in their security advisories, and is classified under CWE-346 (Origin Validation Error). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, no privileges required, and user interaction needed.

An unauthenticated remote attacker can exploit this vulnerability by acquiring a valid session ID belonging to a legitimate user, potentially through social engineering or other means that involve user interaction. Successful exploitation grants the attacker complete control over the device, resulting in high impacts on confidentiality, integrity, and availability.

Innomic has published advisories detailing the issue, available at https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html and https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json, which security practitioners should consult for specific mitigation guidance and patches. The CVE was published on 2026-02-02T15:16:27.933.

Details

CWE(s)

Affected Products

Innomic
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-41342 (Shared CWE-346)
CVE-2022-50925 (Shared CWE-346)
CVE-2025-7659 (Shared CWE-346)
CVE-2026-34359 (Shared CWE-346)
CVE-2026-41057 (Shared CWE-346)
CVE-2026-23552 (Shared CWE-346)
CVE-2026-26861 (Shared CWE-346)
CVE-2026-22794 (Shared CWE-346)
CVE-2024-57965 (Shared CWE-346)
CVE-2026-34373 (Shared CWE-346)
