Login Sign Up

CVE-2022-35911

7.5 HIGH
Denial of Service Buffer Overflow

📋 TL;DR

CVE-2022-35911 is a buffer overflow vulnerability in Patlite NH-FB series devices that allows remote attackers to cause denial of service by sending requests with omitted query strings. This affects organizations using Patlite NH-FB series network indicators for industrial signaling. The vendor disputes the vulnerability's existence, creating uncertainty for users.

💻 Affected Systems

Products:
  • Patlite NH-FB series network indicators
Versions: Through version 1.46
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor disputes vulnerability existence, making patch status unclear

📦 What is this software?

Nhl Fb2 Firmware by Patlite

View all CVEs affecting Nhl Fb2 Firmware →

Nhp Fb2 Firmware by Patlite

View all CVEs affecting Nhp Fb2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise and potential lateral movement in industrial networks

🟠

Likely Case

Denial of service causing Patlite indicators to become unresponsive, disrupting industrial signaling operations

🟢

If Mitigated

Minimal impact if devices are properly segmented and network access is restricted

🌐 Internet-Facing: HIGH - Devices exposed to internet could be easily targeted for DoS attacks
🏢 Internal Only: MEDIUM - Internal attackers could disrupt operations but requires network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires sending malformed HTTP requests with omitted query strings

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor disputes vulnerability

Vendor Advisory: https://www.patlite.co.jp/product/detail0000021462.html

Restart Required: No

Instructions:

Contact Patlite support for guidance since vendor disputes vulnerability existence

🔧 Temporary Workarounds

Network segmentation

all

Isolate Patlite devices in separate VLAN with strict firewall rules

Access control lists

all

Restrict network access to Patlite devices to authorized IP addresses only

🧯 If You Can't Patch

  • Deploy network monitoring to detect abnormal HTTP traffic to Patlite devices
  • Implement redundant signaling systems to maintain operations if devices become unavailable

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console

Check Version:

Check device web interface at http://[device-ip]/ or use serial console connection

Verify Fix Applied:

No official fix available - monitor for vendor updates

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with missing query strings to Patlite devices
  • Device reboot or unresponsive logs

Network Indicators:

  • Abnormal HTTP traffic patterns to Patlite device ports
  • Increased connection attempts to port 80

SIEM Query:

source_ip="*" AND dest_ip="patlite_device" AND http_request CONTAINS "?" AND http_request NOT CONTAINS "query="

📊 Metadata

CVE ID: CVE-2022-35911
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-119
Published: July 27, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-35911, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)