CVE-2022-37953 MEDIUM

CVE-2022-37953: WorkstationST - Response Splitting in AM Gateway Challenge-Response

Vendor GE Gas Power
Product WorkstationST
Weakness CWE-113 · HTTP response splitting
Published August 25, 2022
Last update September 16, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (versions earlier than v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments, which makes attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

Key dates

02 Disclosure timeline

August 25, 2022 CVE published
September 16, 2024 Record updated