Privilege Escalation Vulnerability in SICAM TOOLBOX II by Siemens
CVE-2022-39062

7.8HIGH

Key Information:

Vendor: Siemens
Status: Sicam Toolbox Ii
Vendor: CVE Published:; 8 August 2023

Summary

A security flaw exists in SICAM TOOLBOX II prior to version 07.10, where improper permission settings for product folders allow authenticated users with minimal privileges to replace DLL files. This enables potential privilege escalation, posing significant security risks to the affected systems.

Affected Version(s)

SICAM TOOLBOX II All versions < V07.10

References

https://cert-portal.siemens.com/productcert/pdf/ssa-97596...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Aug 31, 2022