VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Feb 18, 2025

CVE-2022-36970

CVE-2022-36970

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in a APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of current process. Was ZDI-CAN-17370.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AVEVA Edge 20.0 SP2 is vulnerable to remote code execution via crafted APP files due to insufficient UI warning of malicious Visual Basic scripts.

Vulnerability

The specific flaw resides in the processing of APP files in AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. Crafted data in an APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard [1].

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a malicious APP file or visit a malicious page. User interaction is required; no network authentication is needed [1].

Impact

Successful exploitation allows arbitrary code execution in the context of the current process, potentially leading to full system compromise [1].

Mitigation

As of the publication of ZDI-22-1129 (August 2022), no vendor patch was available. Users should contact AVEVA for updates and apply any security recommendations [1].

References
  1. ZDI-22-1129

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.