7.3
CVE-2022-35868
- EPSS 0.07%
- Published 14.02.2023 11:15:12
- Last modified 21.11.2024 07:11:50
- Source productcert@siemens.com
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
Data provided by the National Vulnerability Database (NVD)
Siemens ≫ Tia Multiuser Server Version 14
Siemens ≫ Tia Multiuser Server Version 15
Siemens ≫ Tia Multiuser Server Version 15.1 Update -
Siemens ≫ Tia Multiuser Server Version 16
Siemens ≫ Tia Project-server Version 1.0
Siemens ≫ Tia Project-server Version 17 Update -
Siemens ≫ Tia Project-server Version 17 Update update1
Siemens ≫ Tia Project-server Version 17 Update update4
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.07% | 0.205 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
productcert@siemens.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.3 | 1.3 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.