CVE-2022-35868

Published: Feb 14, 2023Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD (Secondary)

Description

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

Affected (8)

Products: Siemens: Tia Multiuser Server, Tia Project Server

Siemens

2 products

Tia Multiuser Server

Tia Project Server

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Siemens Tia Multiuser Server	Version 14
Siemens Tia Multiuser Server	Version 15.1
Siemens Tia Multiuser Server	Version 15
Siemens Tia Multiuser Server	Version 16
Siemens Tia Project Server	Version 1.0
Siemens Tia Project Server	Version 17
Siemens Tia Project Server	Version 17 update1
Siemens Tia Project Server	Version 17 update4

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (3)

https://cert-portal.siemens.com/productcert/html/ssa-640968.html

Source: productcert@siemens.com

https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.