CVE-2022-43513

CWE-73 CWE-6103 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 69.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Automation License Manager V5 Siemens Telecontrol Server Basic V3 Siemens Automation License Manager V6 +1 more

Timeline

PublishedJan 10

Description

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

▶CVEListV5siemens/automation_license_manager_v5< *

▶NVDsiemens/automation_license_manager9 versions+8

▶CVEListV5siemens/automation_license_manager_v6All versions < V6.0 SP9 Upd4

▶CVEListV5siemens/telecontrol_server_basic_v3< V3.1.2

🔴Vulnerability Details

CVEList

CVE-2022-43513: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6↗2023-01-10

▶

GHSA

GHSA-3mf9-jjrh-xqv8: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6↗2023-01-10

▶