CVE-2022-35868
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-14 CVE Reserved
- 2023-02-14 CVE Published
- 2024-08-13 CVE Updated
- 2024-09-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf | 2024-02-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Tia Multiuser Server Search vendor "Siemens" for product "Tia Multiuser Server" | 14 Search vendor "Siemens" for product "Tia Multiuser Server" and version "14" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Multiuser Server Search vendor "Siemens" for product "Tia Multiuser Server" | 15 Search vendor "Siemens" for product "Tia Multiuser Server" and version "15" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Multiuser Server Search vendor "Siemens" for product "Tia Multiuser Server" | 15.1 Search vendor "Siemens" for product "Tia Multiuser Server" and version "15.1" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Multiuser Server Search vendor "Siemens" for product "Tia Multiuser Server" | 16 Search vendor "Siemens" for product "Tia Multiuser Server" and version "16" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Project-server Search vendor "Siemens" for product "Tia Project-server" | 1.0 Search vendor "Siemens" for product "Tia Project-server" and version "1.0" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Project-server Search vendor "Siemens" for product "Tia Project-server" | 17 Search vendor "Siemens" for product "Tia Project-server" and version "17" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Project-server Search vendor "Siemens" for product "Tia Project-server" | 17 Search vendor "Siemens" for product "Tia Project-server" and version "17" | update1 |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Tia Project-server Search vendor "Siemens" for product "Tia Project-server" | 17 Search vendor "Siemens" for product "Tia Project-server" and version "17" | update4 |
Affected
| ||||||