A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
References
Configurations
Configuration 1 (hide)
|
History
13 Aug 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. | |
References |
|
08 Feb 2024, 18:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:tia_project-server:16:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:tia_project-server:17:update4:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:-:*:*:*:*:*:* cpe:2.3:a:siemens:tia_project-server:17:update1:*:*:*:*:*:* |
09 May 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
Summary | A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. |
22 Feb 2023, 16:13
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-14 11:15
Updated : 2024-08-13 08:15
NVD link : CVE-2022-35868
Mitre link : CVE-2022-35868
CVE.ORG link : CVE-2022-35868
JSON object : View
Products Affected
siemens
- tia_multiuser_server
- tia_project-server
CWE
CWE-426
Untrusted Search Path