CVE-2022-35868 — Untrusted Search Path in Siemens TIA Multiuser Server V14

CWE-426 — Untrusted Search Path3 documents3 sources

Severity

7.3HIGHNVD

CNA6.7

EPSS

0.1%

top 67.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens TIA Multiuser Server V14 Siemens TIA Project-server V16 Siemens TIA Multiuser Server V15 +3 more

Timeline

PublishedFeb 14

Description

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5siemens/tia_project-server_v16< *

▶CVEListV5siemens/tia_multiuser_server_v14< *

▶CVEListV5siemens/tia_project-serverAll versions < V1.1

▶NVDsiemens/tia_project-server1.0, 17+1

▶NVDsiemens/tia_multiuser_server4 versions+3

🔴Vulnerability Details

GHSA

GHSA-5qx2-5w4h-wgr8: A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15↗2023-02-14

▶

CVEList

CVE-2022-35868: A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15↗2023-02-14

▶