A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
References
Configurations
Configuration 1 (hide)
|
History
13 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. | |
References |
|
08 Feb 2024, 18:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:tia_project-server:17:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:tia_project-server:17:-:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:update4:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:update1:*:*:*:*:*:* |
Information
Published : 2023-02-14 11:15
Updated : 2024-08-13 08:15
NVD link : CVE-2022-35868
Mitre link : CVE-2022-35868
CVE.ORG link : CVE-2022-35868
JSON object : View
Products Affected
siemens
- tia_project-server
- tia_multiuser_server
CWE
CWE-426
Untrusted Search Path