CVE-2022-30422

9.8 CRITICAL

📋 TL;DR

CVE-2022-30422 allows unauthenticated remote attackers to execute arbitrary code on Planet Time Enterprise servers through deserialization of a manipulated Viewstate parameter. It affects organizations using Proietti Tech's Planet Time Enterprise software for time tracking and workforce management. Successful exploitation gives the attacker full control of the affected system without any authentication.

💻 Affected Systems

Products:
  • Proietti Tech srl Planet Time Enterprise
Versions: 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0
Operating Systems: Windows (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attackers to install malware, steal sensitive data, pivot to internal networks, and maintain persistent access.

🟠 Likely Case: Attackers deploy ransomware, cryptocurrency miners, or backdoors to steal credentials and business data.

🟢 If Mitigated: Systems behind strict network segmentation with proper monitoring may detect exploitation attempts before full compromise.

🌐 Internet-Facing: HIGH - Directly exploitable over network without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Viewstate deserialization vulnerabilities are well-understood attack vectors with available exploit frameworks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact vendor for patched version

Vendor Advisory: https://www.swascan.com/it/security-advisory-proietti-planet-time-enterprise-cve-2022-30422/

Restart Required: Yes

Instructions:

1. Contact Proietti Tech support for patched version
2. Backup configuration and data
3. Apply vendor-provided patch
4. Restart Planet Time Enterprise services
5. Verify functionality

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate Planet Time Enterprise servers from the internet and restrict internal access.

WAF Rule (all)

Block or sanitize the Viewstate parameter in the web application firewall.

🧯 If You Can't Patch

  • Immediately isolate affected systems from network access
  • Implement strict network monitoring for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Planet Time Enterprise version against affected list; test with Viewstate manipulation tools if authorized

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Verify installed version is newer than affected versions; test with Viewstate manipulation tools if authorized

📡 Detection & Monitoring

Log Indicators:

  • Unusual Viewstate parameter values in web logs
  • Unexpected process execution from web server context

Network Indicators:

  • HTTP requests with manipulated Viewstate parameters
  • Outbound connections from Planet Time server to unknown destinations

SIEM Query:

source="planet_time_logs" AND (message="*Viewstate*" OR process="unusual_executable")
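Added example, not from this page or the vendor: a Python pass over constructed request logs that flags the "unusual Viewstate parameter values" listed above, namely values that are not valid base64, that lack the LosFormatter header bytes, or that are far larger than the per-page median. It assumes a log source that records the __VIEWSTATE form field after URL-decoding (a reverse proxy or WAF, for instance); default IIS W3C logging does not record POST bodies, so the field is absent there.

```python
import base64
import binascii
import json
from collections import defaultdict
from statistics import median

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed request records (one JSON object per line) as a reverse proxy or WAF
# might log them; "viewstate" holds the form field after URL-decoding. The blobs are
# invented: a real ViewState starts with the LosFormatter header bytes 0xFF 0x01.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"src": "10.0.0.5", "path": "/Login.aspx", "viewstate": _b64(b"\xff\x01" + b"\x00" * 150)},
    {"src": "10.0.0.6", "path": "/Login.aspx", "viewstate": _b64(b"\xff\x01" + b"\x00" * 150)},
    {"src": "10.0.0.7", "path": "/Login.aspx", "viewstate": _b64(b"\xff\x01" + b"\x00" * 150)},
    {"src": "10.0.0.8", "path": "/Login.aspx", "viewstate": "not%valid%base64"},
    {"src": "198.51.100.4", "path": "/Login.aspx", "viewstate": _b64(b"\x00\x01" + b"\x00" * 200)},
    {"src": "203.0.113.9", "path": "/Login.aspx", "viewstate": _b64(b"\xff\x01" + b"\x00" * 6000)},
])

SIZE_RATIO = 4.0  # flag blobs this many times larger than the per-path median

def decode_viewstate(value: str):
    """Return the decoded bytes, or None when the value is not valid base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def find_anomalies(log_text: str):
    """Return (src, reason) tuples for requests whose ViewState looks abnormal."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    decoded = [(r, decode_viewstate(r["viewstate"])) for r in records]
    # Baseline: median decoded size per page path, from parseable blobs only.
    sizes = defaultdict(list)
    for r, blob in decoded:
        if blob is not None:
            sizes[r["path"]].append(len(blob))
    baseline = {path: median(v) for path, v in sizes.items()}
    findings = []
    for r, blob in decoded:
        if blob is None:
            findings.append((r["src"], "viewstate is not valid base64"))
        elif not blob.startswith(b"\xff\x01"):
            findings.append((r["src"], "viewstate lacks the LosFormatter header"))
        elif len(blob) > SIZE_RATIO * baseline[r["path"]]:
            findings.append((r["src"], "viewstate %d bytes vs. path median %d"
                             % (len(blob), baseline[r["path"]])))
    return findings
```

Tune SIZE_RATIO per application: pages with large grids legitimately carry big ViewState, so the baseline must be built per path from normal traffic before the size check is trusted.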
