CVE-2022-43722
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones < V7.0). El software afectado no protege adecuadamente una carpeta que contiene archivos de la librería. Esto podría permitir a un atacante colocar una DLL maliciosa personalizada en esta carpeta que luego se ejecuta con derechos de SYSTEMA cuando se inicia un servicio que requiere esta DLL. En el momento de asignar el CVE, la versión de firmware afectada del componente ya ha sido reemplazada por versiones principales sucesivas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-24 CVE Reserved
- 2022-12-13 CVE Published
- 2024-07-05 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf | 2023-10-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Sicam Pas\/pqs Search vendor "Siemens" for product "Sicam Pas\/pqs" | < 7.0 Search vendor "Siemens" for product "Sicam Pas\/pqs" and version " < 7.0" | - |
Affected
| ||||||