CVE-2022-28685
Description
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AVEVA Edge 2020 SP2 Patch 0 deserialization vulnerability in APP file parsing allows remote code execution with user interaction.
Vulnerability
This vulnerability affects AVEVA Edge 2020 SP2 Patch 0 (version 4201.2111.1802.0000). The flaw resides in the parsing of APP files, where the software fails to properly validate user-supplied data, leading to deserialization of untrusted data. This can be triggered when a user opens a malicious APP file or visits a malicious page that loads such a file [1].
Exploitation
An attacker must convince a user to open a specially crafted APP file or navigate to a malicious web page that triggers the parsing. No authentication is required, but user interaction is necessary. The deserialization occurs within the context of the current process, allowing the attacker to execute arbitrary code [1].
Impact
Successful exploitation grants the attacker arbitrary code execution in the context of the current process. This can lead to full compromise of the affected system, including data disclosure, modification, or denial of service, depending on the privileges of the user running the application [1].
Mitigation
No official patch or workaround has been disclosed in the available references. Users are advised to exercise caution when opening APP files from untrusted sources and to restrict access to the affected software until a fix is released [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 2020 SP2 Patch 0 (4201.2111.1802.0000)Package: https://wordpress.org/themes/edge
- AVEVA/Edgev5Range: 2020 SP2 Patch 0(4201.2111.1802.0000)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.