CVE-2022-2759 MEDIUM

CVE-2022-2759

Vendor Delta Electronics
Product Delta Robot Automation Studio (DRAS)
Weakness CWE-611 · XXE
Published August 31, 2022
Last update April 16, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.

Key dates

02Disclosure timeline

August 31, 2022 CVE published
April 16, 2025 Record updated