Untrusted Search Path Vulnerability in TIA Multiuser Server and TIA Project-Server by Siemens
CVE-2022-35868

6.7 MEDIUM

What is CVE-2022-35868?

Siemens TIA Multiuser Server and TIA Project-Server contain an untrusted search path vulnerability. An attacker who manipulates a legitimate user into starting the service from an attacker-controlled path could gain unauthorized privileges. Multiple versions of the affected products are impacted, so affected installations should be updated promptly.

Affected Version(s)

TIA Multiuser Server V14 0

TIA Multiuser Server V15 All versions < V15.1 Update 8

TIA Project-Server All versions < V1.1

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
