CVE-2022-35868
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
Overview
- CVE ID
- CVE-2022-35868
- Assigner
- productcert@siemens.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-14T11:15:12
- Last Modified Date
- 2023-02-22T16:13:16
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:siemens:tia_multiuser_server:14:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:tia_multiuser_server:15:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:tia_multiuser_server:15.1:-:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:tia_multiuser_server:16:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:tia_project-server:1.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:tia_project-server:16:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:siemens:tia_project-server:17:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-35868 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35868 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:41:09 | Added to TrackCVE | |||
| 2023-04-17 07:41:11 | Weakness Enumeration | new |