Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Feb 18, 2025

CVE-2022-28688

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AVEVA Edge 2020 SP2 Patch 0 loads a library from an unsecured location when handling APP files, allowing remote code execution via a malicious page or file.

Vulnerability

A remote code execution vulnerability exists in AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000) during the handling of APP files. The process loads a library from an unsecured location, enabling an attacker to inject and execute arbitrary code. User interaction is required, as the target must visit a malicious page or open a malicious file [1].

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted APP file or visit a web page that loads the malicious file. No authentication is needed, but the victim must perform the action. The attack vector is local with low complexity, and no privileges are required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the current process, leading to full compromise of confidentiality, integrity, and availability (CVSS 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) [1].

Mitigation

AVEVA has issued a security update. Affected users should apply the latest patch from the vendor. No workaround is documented in the available references [1].

References

ZDI-22-1127

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Edgellm-fuzzy
Range: =2020 SP2 Patch 0 (4201.2111.1802.0000)
Package: https://wordpress.org/themes/edge
AVEVA/Edgev5
Range: 2020 SP2 Patch 0(4201.2111.1802.0000)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000