CVE-2022-38604

7.3 HIGH

📋 TL;DR

CVE-2022-38604 is an arbitrary file deletion vulnerability in Wacom tablet drivers for Windows. Attackers can delete arbitrary files on affected systems, potentially causing data loss or system instability. Users of Wacom tablets with vulnerable driver versions on Windows are affected.

💻 Affected Systems

Products:
  • Wacom Tablet Driver
Versions: 6.3.46-1 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Windows installations with vulnerable Wacom driver versions. Requires Wacom tablet hardware/driver installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through deletion of critical system files, leading to OS corruption, data loss, or denial of service.

🟠 Likely Case: Targeted deletion of user files, configuration files, or application data causing data loss and disruption.

🟢 If Mitigated: Limited impact with proper file permissions and user account controls in place, potentially only affecting user-writable areas.

🌐 Internet-Facing: LOW - Requires local access or social engineering to execute.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement in compromised networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local execution or social engineering to run malicious code. Public proof-of-concept available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.3.47-1 and later

Vendor Advisory: https://www.wacom.com/en-us/support/product-support/drivers

Restart Required: Yes

Instructions:

1. Visit the Wacom driver download page.
2. Download the latest driver version, 6.3.47-1 or newer.
3. Run the installer.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Remove Wacom Driver

Platform: Windows

Uninstall vulnerable Wacom driver if tablet functionality is not required

Control Panel > Programs > Uninstall a program > Select Wacom Tablet Driver > Uninstall

Restrict File Permissions

Platform: Windows

Apply strict file permissions to limit deletion capabilities

icacls "C:\Program Files\Tablet\Wacom" /deny Everyone:(D)

🧯 If You Can't Patch

  • Disconnect Wacom tablets and remove driver if not essential
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check the Wacom driver version in Control Panel > Programs and Features. If the version is 6.3.46-1 or earlier, the system is vulnerable.

Check Version:

wmic product where "name like '%Wacom%'" get version

Verify Fix Applied:

Verify that the driver version is 6.3.47-1 or newer after the update. Test file deletion functionality if possible.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file deletion events in Windows Event Logs (Security/System)
  • Wacom driver process spawning unusual file operations

Network Indicators:

  • No network indicators - local vulnerability

SIEM Query:

EventID=4663 AND ObjectName="*" AND AccessMask="0x10000" AND ProcessName="*Wacom*"
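
An added example, not part of the original advisory or any Wacom tooling: the SIEM query above expressed as a filter over exported 4663 records. It tests the DELETE bit (0x10000) instead of requiring the mask to equal it, so combined masks are also caught. The record layout, the sample events and the executable name ExampleService.exe are constructed, and it assumes file-system object auditing is enabled so that 4663 events are logged.

```python
import fnmatch

DELETE = 0x10000  # standard DELETE access right, the value used in the query above

# Hypothetical executable name under the driver folder named on this page.
WACOM_EXE = r"C:\Program Files\Tablet\Wacom\ExampleService.exe"

# Constructed sample records shaped like exported 4663 EventData (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 4663, "ProcessName": WACOM_EXE,
     "ObjectName": r"C:\Users\alice\Documents\report.docx", "AccessMask": "0x10000"},
    # DELETE combined with another right: an equality test on 0x10000 misses this.
    {"EventID": 4663, "ProcessName": WACOM_EXE,
     "ObjectName": r"C:\Users\alice\AppData\app.cfg", "AccessMask": "0x10080"},
    # Read-only access by the same process: not a deletion.
    {"EventID": 4663, "ProcessName": WACOM_EXE,
     "ObjectName": r"C:\Users\alice\notes.txt", "AccessMask": "0x1"},
    # Deletion by an unrelated process: outside the scope of this rule.
    {"EventID": 4663, "ProcessName": r"C:\Windows\explorer.exe",
     "ObjectName": r"C:\Users\alice\old.tmp", "AccessMask": "0x10000"},
    # Malformed mask from a lossy export: skipped, not fatal.
    {"EventID": 4663, "ProcessName": WACOM_EXE,
     "ObjectName": r"C:\Users\alice\x.bin", "AccessMask": "n/a"},
]


def parse_mask(value):
    """Convert a hex string such as '0x10000' to an int (raises ValueError if malformed)."""
    return int(str(value), 16)


def is_wacom_delete(event, process_glob="*wacom*"):
    """True if the event is a 4663 with the DELETE bit set, from a matching process."""
    if event.get("EventID") != 4663:
        return False
    try:
        mask = parse_mask(event.get("AccessMask", "0"))
    except ValueError:
        return False
    process = event.get("ProcessName", "").lower()  # Windows paths are case-insensitive
    return bool(mask & DELETE) and fnmatch.fnmatchcase(process, process_glob)


def find_wacom_deletes(events):
    """Return the object paths deleted by matching processes, in log order."""
    return [e["ObjectName"] for e in events if is_wacom_delete(e)]


if __name__ == "__main__":
    for path in find_wacom_deletes(SAMPLE_EVENTS):
        print("delete access by Wacom process:", path)
```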
