CVE-2024-22042

EPSS 0.05%
Veröffentlicht 13.02.2024 09:15:47
Zuletzt bearbeitet 16.12.2024 15:02:32
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Unicam Fx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-648 Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

https://cert-portal.siemens.com/productcert/html/ssa-543502.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-22042

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-22042

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-22042

EUVD