CVE-2022-43517 — Incorrect Permission Assignment in Siemens Simcenter Star-ccm

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 75.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simcenter Star-ccm

Timeline

PublishedDec 13

Description

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5siemens/simcenter_star-ccmAll versions < V2306

🔴Vulnerability Details

CVEList

CVE-2022-43517: A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306)↗2022-12-13

▶

GHSA

GHSA-hg77-f2qf-vwr3: A vulnerability has been identified in Simcenter STAR-CCM+ (All versions)↗2022-12-13

▶