CVE-2022-37953

MEDIUM

WorkstationST <v07.09.15 - SSRF

Title source: llm

Description

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

References (1)

[Vendor Advisory] https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf

Scores

CVSS v3 4.7

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-113

Status published

Products (1)

ge/workstationst < 07.09.15

Published Aug 25, 2022

Tracked Since Feb 18, 2026