// For flags

CVE-2024-22042

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

Se ha identificado una vulnerabilidad en Unicam FX (todas las versiones). El agente de instalación de Windows utilizado en el producto afectado contiene un uso incorrecto de API privilegiadas que activan el host de la consola de Windows (conhost.exe) como un proceso secundario con privilegios de SYSTEMA. Un atacante podría aprovechar esto para realizar un ataque de escalada de privilegios local.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-01-04 CVE Reserved
  • 2024-02-13 CVE Published
  • 2024-02-14 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-648: Incorrect Use of Privileged APIs
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Unicam FX
Search vendor "Siemens" for product "Unicam FX"
0
Search vendor "Siemens" for product "Unicam FX" and version "0"
en
Affected