Back to KEVs

CVE-2022-40022

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

Basic Information

CVE State
PUBLISHED
Reserved Date
September 06, 2022
Published Date
February 13, 2023
Last Updated
March 21, 2025
Vendor
n/a
Product
n/a
Description
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-08-22 00:00:00 UTC) Source

References

https://www.microsemi.com/document-portal/doc_download/135737-datasheet-syncserver-s650 https://www.microsemi.com/campaigns/network-time-servers/syncserver-s600/?url= https://www.microsemi.com/campaigns/network-time-servers/S650p/%3Fgd%3D1&id=5&gclid=Cj0KCQjwjbyYBhCdARIsAArC6LL-202ej5YfDB5lMIMSZ2735qjo5yaj2i-PrvLv2Cnh_kIJtFJ0oF8aAlMpEALw_wcB https://www.securifera.com/advisories/CVE-2022-40022/ http://packetstormsecurity.com/files/172907/Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-08-22 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symmetricom_syncserver_rce.rb 2025-04-28 15:02:11 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-40022.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

symmetricom_syncserver_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-40022

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Detected by Metasploit

  • Added to KEVIntel