A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Feb 2024, 18:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:tia_project-server:17:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:tia_project-server:17:-:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:update1:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:update4:*:*:*:*:*:* |
09 May 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
Summary | A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. |
22 Feb 2023, 16:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:tia_multiuser_server:15.1:-:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:*:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:16:*:*:*:*:*:*:* cpe:2.3:a:siemens:tia_multiuser_server:14:*:*:*:*:*:*:* cpe:2.3:a:siemens:tia_multiuser_server:16:*:*:*:*:*:*:* cpe:2.3:a:siemens:tia_multiuser_server:15:*:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:1.0:*:*:*:*:*:*:* |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf - Vendor Advisory | |
First Time |
Siemens
Siemens tia Multiuser Server Siemens tia Project-server |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.3 |
14 Feb 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-14 11:15
Updated : 2024-02-08 18:40
NVD link : CVE-2022-35868
Mitre link : CVE-2022-35868
CVE.ORG link : CVE-2022-35868
JSON object : View
Products Affected
siemens
- tia_multiuser_server
- tia_project-server
CWE
CWE-426
Untrusted Search Path