CVE-2024-22042

Published: Feb 13, 2024Modified: Dec 16, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

Affected (1)

Products: Siemens: Unicam Fx

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Unicam Fx	All versions

Related CWEs

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-543502.html

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-543502.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.