VYPR
Unrated severity · NVD Advisory · Published Mar 29, 2023 · Updated Feb 18, 2025

CVE-2022-28686

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AVEVA Edge 2020 SP2 Patch 0 contains an uncontrolled search path element vulnerability in APP file handling, allowing remote code execution via a malicious page or file.

Vulnerability

The vulnerability exists in AVEVA Edge 2020 SP2 Patch 0 (version 4201.2111.1802.0000) during the handling of APP files. The process loads a library from an unsecured location, which can be controlled by an attacker. This is an uncontrolled search path element vulnerability (CWE-427). [1]

Exploitation

An attacker must convince a user to visit a malicious webpage or open a malicious APP file. No authentication is required, but user interaction is necessary. The attacker can place a malicious library in a location that the application searches before the intended secure location, causing the application to load the attacker's code. [1]

Impact

Successful exploitation allows arbitrary code execution in the context of the current process. The CVSS score is 7.8 (High) with impacts to confidentiality, integrity, and availability. The attacker gains the same privileges as the user running AVEVA Edge. [1]

Mitigation

AVEVA has issued an update to address this vulnerability. Users should apply the latest patch from AVEVA. No workaround is mentioned in the available references. [1]

References
  1. ZDI-22-1125

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
