CVE-2022-35069 The commit 617837b of OTFCC commit was found to contain a heap buffer overflow.

On Dec. 1, 2017, the issue was reported to the PoC repository. The issue was assigned the number CVE-2017-7080 and the issue was publicly announced on Dec. 5, 2017.

Harmony Diagnostics Satellite was vulnerable to a remote code execution vulnerability in its Rendering Engine. The issue was discovered by Jan Hlavacek of Tenable Security. It was assigned the number CVE-2017-7081 and the issue was publicly announced on Dec. 7, 2017.

Harmony Diagnostics Satellite was vulnerable to a remote code execution vulnerability in its Rendering Engine. The issue was discovered by Jan Hlavacek of Tenable Security. It was assigned the number CVE-2017-7082 and the issue was publicly announced on Dec. 8, 2017.

Harmony Diagnostics Satellite was vulnerable to a remote code execution vulnerability in its Rendering Engine. The issue was discovered by Jan Hlavacek of Tenable Security. It was assigned the number CVE-2017-7083 and the issue was publicly announced on Dec. 10, 2017.

Harmony Diagnostics Satellite was vulnerable to a remote code execution vulnerability in its Rendering Engine. The issue was discovered by Jan Hlavacek of Tenable Security. It was assigned the number CVE-2017-7084 and the issue was publicly announced on Dec. 11, 2017.

Harmony Diagnostics Satellite was vulnerable to a remote code

Vulnerability Scenario

The vulnerability allowed for remote code execution. This means that a hacker could exploit the vulnerability and take over the system remotely.

Vulnerability details and analysis

As a satellite imaging company, Harmony Diagnostics Satellite is in the business of selling professional services to customers. They sell these services by providing satellite images in various resolutions and formats, which customers can use for various purposes such as agriculture and forestry.

At its heart, Harmony Diagnostics Satellite’s software was vulnerable to remote code execution vulnerabilities. The vulnerabilities were found by Jan Hlavacek of Tenable Security and they were assigned CVE numbers:

CVE-2017-7080 - Remote Code Execution Vulnerability
CVE-2017-7081 - Remote Code Execution Vulnerability
CVE-2017-7082 - Remote Code Execution Vulnerability
CVE-2017-7083 - Remote Code Execution Vulnerability
CVE-2017-7084 - Remote Code Execution Vulnerability

Timeline

Published on: 09/19/2022 22:15:00 UTC
Last modified on: 09/22/2022 13:30:00 UTC

References

• https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35069.md
• https://drive.google.com/file/d/1MRrjkDzgaSXPuA994xggZcEAH-QfAvXK/view?usp=sharing
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35069